This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
AMD CPU Branch | CVE-2022-23825 | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion |
AMD CPU Branch | CVE-2022-23816 | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion |
Azure Site Recovery | CVE-2022-33665 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33666 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33663 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33664 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33667 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33672 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33673 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33671 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33668 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33661 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33662 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33657 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33656 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33658 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33660 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33659 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33655 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33651 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33650 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33652 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33654 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33653 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33669 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33643 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-30181 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33676 | Azure Site Recovery Remote Code Execution Vulnerability |
Azure Site Recovery | CVE-2022-33677 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33678 | Azure Site Recovery Remote Code Execution Vulnerability |
Azure Site Recovery | CVE-2022-33642 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33674 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33675 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Site Recovery | CVE-2022-33641 | Azure Site Recovery Elevation of Privilege Vulnerability |
Azure Storage Library | CVE-2022-30187 | Azure Storage Library Information Disclosure Vulnerability |
Microsoft Defender for Endpoint | CVE-2022-33637 | Microsoft Defender for Endpoint Tampering Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2022-2295 | Chromium: CVE-2022-2295 Type Confusion in V8 |
Microsoft Edge (Chromium-based) | CVE-2022-2294 | Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC |
Microsoft Graphics Component | CVE-2022-22034 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2022-30213 | Windows GDI+ Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2022-30221 | Windows Graphics Component Remote Code Execution Vulnerability |
Microsoft Office | CVE-2022-33632 | Microsoft Office Security Feature Bypass Vulnerability |
Open Source Software | CVE-2022-27776 | HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data |
Role: DNS Server | CVE-2022-30214 | Windows DNS Server Remote Code Execution Vulnerability |
Role: Windows Fax Service | CVE-2022-22024 | Windows Fax Service Remote Code Execution Vulnerability |
Role: Windows Fax Service | CVE-2022-22027 | Windows Fax Service Remote Code Execution Vulnerability |
Role: Windows Hyper-V | CVE-2022-30223 | Windows Hyper-V Information Disclosure Vulnerability |
Role: Windows Hyper-V | CVE-2022-22042 | Windows Hyper-V Information Disclosure Vulnerability |
Skype for Business and Microsoft Lync | CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability |
Windows Active Directory | CVE-2022-30215 | Active Directory Federation Services Elevation of Privilege Vulnerability |
Windows Advanced Local Procedure Call | CVE-2022-30202 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Windows Advanced Local Procedure Call | CVE-2022-30224 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Windows Advanced Local Procedure Call | CVE-2022-22037 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability |
Windows BitLocker | CVE-2022-22711 | Windows BitLocker Information Disclosure Vulnerability |
Windows BitLocker | CVE-2022-22048 | BitLocker Security Feature Bypass Vulnerability |
Windows Boot Manager | CVE-2022-30203 | Windows Boot Manager Security Feature Bypass Vulnerability |
Windows Client/Server Runtime Subsystem | CVE-2022-22026 | Windows CSRSS Elevation of Privilege Vulnerability |
Windows Client/Server Runtime Subsystem | CVE-2022-22049 | Windows CSRSS Elevation of Privilege Vulnerability |
Windows Client/Server Runtime Subsystem | CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability |
Windows Connected Devices Platform Service | CVE-2022-30212 | Windows Connected Devices Platform Service Information Disclosure Vulnerability |
Windows Credential Guard | CVE-2022-22031 | Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability |
Windows Fast FAT Driver | CVE-2022-22043 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
Windows Fax and Scan Service | CVE-2022-22050 | Windows Fax Service Elevation of Privilege Vulnerability |
Windows Group Policy | CVE-2022-30205 | Windows Group Policy Elevation of Privilege Vulnerability |
Windows IIS | CVE-2022-30209 | Windows IIS Server Elevation of Privilege Vulnerability |
Windows IIS | CVE-2022-22025 | Windows Internet Information Services Cachuri Module Denial of Service Vulnerability |
Windows IIS | CVE-2022-22040 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability |
Windows Kernel | CVE-2022-21845 | Windows Kernel Information Disclosure Vulnerability |
Windows Media | CVE-2022-22045 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability |
Windows Media | CVE-2022-30225 | Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability |
Windows Network File System | CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability |
Windows Network File System | CVE-2022-22028 | Windows Network File System Information Disclosure Vulnerability |
Windows Network File System | CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability |
Windows Performance Counters | CVE-2022-22036 | Performance Counters for Windows Elevation of Privilege Vulnerability |
Windows Point-to-Point Tunneling Protocol | CVE-2022-30211 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
Windows Portable Device Enumerator Service | CVE-2022-22023 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability |
Windows Print Spooler Components | CVE-2022-30206 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Print Spooler Components | CVE-2022-30226 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Print Spooler Components | CVE-2022-22022 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Print Spooler Components | CVE-2022-22041 | Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Remote Procedure Call Runtime | CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Windows Security Account Manager | CVE-2022-30208 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
Windows Server Service | CVE-2022-30216 | Windows Server Service Tampering Vulnerability |
Windows Shell | CVE-2022-30222 | Windows Shell Remote Code Execution Vulnerability |
Windows Storage | CVE-2022-30220 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
XBox | CVE-2022-33644 | Xbox Live Save Service Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-21845 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS: CVSS:3.1 4.7/4.1
FAQ:
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-21845 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Information Disclosure | 5014748 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Information Disclosure | 5014748 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Information Disclosure | 5014738 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Information Disclosure | 5014738 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Information Disclosure | 5014738 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Information Disclosure | 5014748 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Information Disclosure | 5014748 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Information Disclosure | 5014747 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Information Disclosure | 5014747 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Information Disclosure | 5014738 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Information Disclosure | 5014738 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-21845 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22711 MITRE NVD |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS: CVSS:3.1 6.7/5.8
FAQ:
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is raw unencrypted disk sector data.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to loss of confidentiality (C:H) and loss of integrity (I:H) but have no effect on Availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could access specific parts of the storage device and could read or write to portions of the device that are unencrypted. However, this vulnerability would not allow an attacker to deny function of the storage device.
How could an attacker exploit this vulnerability? An attacker could access unencrypted parts of a BitLocker encrypted storage device if the administrator resizes the OS volume while concurrently provisioning the drive with BitLocker encryption.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22711 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22711 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30181 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery.
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30181 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-30181 | William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33637 MITRE NVD |
CVE Title: Microsoft Defender for Endpoint Tampering Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ:
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to authenticate to the management console appliance and to have an integration token documented here: Defender for IoT sensor and management console APIs.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Tampering |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33637 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Defender for Endpoint for Linux | | Important | Tampering | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Unknown |
CVE ID | Acknowledgements |
CVE-2022-33637 | James Sharpe with Zenotech Ltd |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33641 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery.
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33641 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33641 | Anonymous; William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33642 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premises components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery.
To what scenario does this vulnerability apply?
This vulnerability applies to a VMware-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33642 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33642 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33643 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premises components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery.
To what scenario does this vulnerability apply?
This vulnerability applies to a VMware-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33643 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33643 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30187 MITRE NVD |
CVE Title: Azure Storage Library Information Disclosure Vulnerability
CVSS: CVSS:3.1 4.7/4.2
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
What is CBC padding in storage SDK?
Azure Storage .NET, Java, and Python SDKs use cipher block chaining (CBC mode) for client-side encryption. This client-side encryption is used by a very small set of customers, who encrypt their data on the client with a customer-managed key that is maintained in Azure Key Vault or another key store before uploading to Azure Storage.
What information can be disclosed if exploited?
An attacker who successfully exploited this vulnerability could decrypt data on the client side and disclose the content of the file or blob.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30187 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Storage Blobs client library for .NET | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
Azure Storage Blobs client library for Java | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
Azure Storage Blobs client library for Python | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
Azure Storage Queues client library for .NET | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
Azure Storage Queues client library for Python | Update Information (Security Update) | Important | Information Disclosure | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-30187 | Sophie Schmieg with Google |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30202 MITRE NVD |
CVE Title: Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30202 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30202 | Jarvis_1oop |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30203 MITRE NVD |
CVE Title: Windows Boot Manager Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 7.4/6.4
FAQ:
What security feature could be bypassed by this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
According to the CVSS metric, successful exploitation could lead to scope change (S:C). What does this mean for this vulnerability?
Successful exploitation of this vulnerability could allow an attacker to access the pre-boot environment.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30203 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Security Feature Bypass | 5014710 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Security Feature Bypass | 5014710 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Security Feature Bypass | 5014688 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Security Feature Bypass | 5014688 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Security Feature Bypass | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Security Feature Bypass | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Security Feature Bypass | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Security Feature Bypass | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Security Feature Bypass | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Security Feature Bypass | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Security Feature Bypass | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Security Feature Bypass | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Security Feature Bypass | 5014747 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Security Feature Bypass | 5014747 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Security Feature Bypass | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Security Feature Bypass | 5014678 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Security Feature Bypass | 5014678 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30203 | Zammis Clark |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30205 MITRE NVD |
CVE Title: Windows Group Policy Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.6/5.8
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker to have privileges to create Group Policy Templates. As is best practice, regular validation and audits of administrative groups should be conducted.
Upon successful exploitation, what privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain domain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30205 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30205 | Matthieu Buffet |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30206 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ:
What privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds:
Determine if the Print Spooler service is running
Run the following in Windows PowerShell:
If the Print Spooler is running or if the service is not disabled, follow these steps:
Stop and disable the Print Spooler service
If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:
Impact of workaround
Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30206
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30206 | Victor Mata with FusionX, Accenture Security; luckyu with NSFOCUS TIANYUAN LAB |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30208 MITRE NVD |
CVE Title: Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30208
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Denial of Service | 5014748 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Denial of Service | 5014748 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Denial of Service | 5014738 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Denial of Service | 5014738 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Denial of Service | 5014738 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Denial of Service | 5014752 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Denial of Service | 5014752 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Denial of Service | 5014752 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Denial of Service | 5014752 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Denial of Service | 5014748 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Denial of Service | 5014748 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Denial of Service | 5014747 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Denial of Service | 5014747 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Denial of Service | 5014738 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Denial of Service | 5014738 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Denial of Service | 5014692 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Denial of Service | 5014692 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Denial of Service | 5014678 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Denial of Service | 5014678 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30208 | bee13oy with Cyber Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30209 MITRE NVD |
CVE Title: Windows IIS Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.4/6.4
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited the vulnerability could bypass authentication on Windows IIS Server. Attackers might be able to post or get information from the Web Service (CVSS metrics C:H/I:H), but would not be able to disrupt the service.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30209
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30209 | Orange Tsai (@orange_8361) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30211 MITRE NVD |
CVE Title: Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30211 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Remote Code Execution | 5014710 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Remote Code Execution | 5014710 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Remote Code Execution | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Remote Code Execution | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30211 | Alex Nichols with Nettitude |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30212 MITRE NVD |
CVE Title: Windows Connected Devices Platform Service Information Disclosure Vulnerability
CVSS: CVSS:3.1 4.7/4.1
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30212 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30212 | JIWO Technology Co., Ltd |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30213 MITRE NVD |
CVE Title: Windows GDI+ Information Disclosure Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a pointer leak to the process user-mode address space in the internal memory of the application that is using GDI+.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30213 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Information Disclosure | 5014738 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Information Disclosure | 5014738 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Information Disclosure | 5014748 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Information Disclosure | 5014748 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Information Disclosure | 5014747 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Information Disclosure | 5014747 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Information Disclosure | 5014738 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Information Disclosure | 5014738 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30213 | willJ of vulnerability research institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30214 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 6.6/5.8
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30214 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2016 | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30214 | George Hughey with MSRC Vulnerabilities and Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30215 MITRE NVD |
CVE Title: Active Directory Federation Services Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
Upon successful exploitation, what privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain domain administrator privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30215 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30215 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30216 MITRE NVD |
CVE Title: Windows Server Service Tampering Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ:
How could an attacker exploit this vulnerability?
For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Tampering |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30216 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Tampering | 5014688 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Tampering | 5014688 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Tampering | 5014678 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Tampering | 5014678 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Tampering | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30216 | Ben Barnea with Akamai Technologies |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30220 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ:
What privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30220 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30220 | Boxer with Vulnerability Research Institute Thunder_J and Boxer with Vulnerability Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30221 MITRE NVD |
CVE Title: Windows Graphics Component Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ:
I am running Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1. Is there more information of which I need to be aware?
These operating systems are only affected by this vulnerability if either RDP 8.0 or RDP 8.1 is installed. If you do not have either of these versions of RDP installed on Windows 7 SP1 or Windows Server 2008 R2 SP1, then you are not affected by this vulnerability.
How would an attacker exploit this vulnerability?
An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30221 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Remote Desktop client for Windows Desktop | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Critical | Remote Code Execution | 5014710 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Critical | Remote Code Execution | 5014710 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Critical | Remote Code Execution | 5014688 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Critical | Remote Code Execution | 5014688 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Critical | Remote Code Execution | 5014748 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Critical | Remote Code Execution | 5014748 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Critical | Remote Code Execution | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Critical | Remote Code Execution | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Critical | Remote Code Execution | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Critical | Remote Code Execution | 5014748 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Critical | Remote Code Execution | 5014748 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Critical | Remote Code Execution | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Critical | Remote Code Execution | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Critical | Remote Code Execution | 5014678 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Critical | Remote Code Execution | 5014678 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30221 | Colas Le Guernic, Jeremy Rubert, and Anonymous with Thalium |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30222 MITRE NVD |
CVE Title: Windows Shell Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.4/7.3
FAQ:
How would an attacker exploit this vulnerability?
An unauthenticated attacker could interact with the login screen of a vulnerable system in a specific manner to execute code on that system.
Mitigations: None
Workarounds: The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available, even if you plan to leave this workaround in place.
To remove Microsoft Japanese IME entirely from the logon UI, the following steps are required:
First, you must remove the Japanese language (not IME) from every account on the affected device. As long as there is an account where Japanese is installed, logon will continue to show Microsoft JPN IME.
Second, you need to make sure the Welcome screen input language is not set to Japanese.
Impact of workaround: Japanese will not be the display language on the device.
How to undo the workaround
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30222 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30222 | Krzysztof Andrusiak |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30223 MITRE NVD |
CVE Title: Windows Hyper-V Information Disclosure Vulnerability
CVSS: CVSS:3.1 5.7/5.0
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if a Hyper-V Guest attacker successfully exploited this vulnerability is data from the Hyper-V Host.
According to the CVSS metric, the Hyper-V attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a Hyper-V Network Virtualization (HNV) logical network. This configuration forms an isolation boundary where the virtual machines within the virtual network can only communicate with each other. In this attack vector, the vulnerable component is bound to the network stack, but the attack is limited to systems configured to use the HNV network.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30223 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Information Disclosure | 5014747 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Information Disclosure | 5014747 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30223 | luoquan |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30224 MITRE NVD |
CVE Title: Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30224 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-30224 | Jarvis_1oop |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30225 MITRE NVD |
CVE Title: Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.1/6.2
FAQ:
According to the CVSS metric, Confidentiality is None (C:N), Integrity is High (I:H), and Availability is High (A:H). How could an attacker impact the Windows Media Player?
An attacker who successfully exploited this vulnerability could affect the integrity and availability because they could delete privileged registry keys. Confidentiality is not affected by a successful attack, however, because the attacker cannot read or modify the information.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege, Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30225 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Denial of Service | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Denial of Service | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Denial of Service | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Denial of Service | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Denial of Service | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Denial of Service | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Denial of Service | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Denial of Service | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Denial of Service | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Denial of Service | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Denial of Service | 5014747 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Denial of Service | 5014747 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Denial of Service | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Denial of Service | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Denial of Service | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Denial of Service | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Denial of Service | 5014678 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Denial of Service | 5014678 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Denial of Service | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30225 | JIWO Technology Co., Ltd |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-30226 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.1/6.2
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.
Mitigations: None
Workarounds:
Determine if the Print Spooler service is running
Run the following in Windows PowerShell:
If the Print Spooler is running or if the service is not disabled, follow these steps:
Stop and disable the Print Spooler service
If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:
Impact of workaround
Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-30226 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-30226 | Xuefeng Li with Sangfor; Zhiniang Peng with Sangfor |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22022 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.1/6.2
FAQ:
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.
Mitigations: None
Workarounds:
Determine if the Print Spooler service is running
Run the following in Windows PowerShell:
If the Print Spooler is running or if the service is not disabled, follow these steps:
Stop and disable the Print Spooler service
If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:
Impact of workaround
Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22022 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22022 | Xuefeng Li with Sangfor; Zhiniang Peng with Sangfor |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22023 MITRE NVD |
CVE Title: Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 6.6/5.8
FAQ:
In what scenarios can the security feature be bypassed?
On machines with slow or older USB controller hardware, the Group policy might have (silently) failed to apply. On such machines, the attacker can trivially exploit this enforcement failure by attaching a USB storage device to the affected machine.
Mitigations: None
Workarounds: None
Revision: 1.0    2022-07-12T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22023 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Security Feature Bypass | 5014710 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Security Feature Bypass | 5014710 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Security Feature Bypass | 5014688 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Security Feature Bypass | 5014688 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Security Feature Bypass | 5014748 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Security Feature Bypass | 5014748 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Security Feature Bypass | 5014738 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Security Feature Bypass | 5014738 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Security Feature Bypass | 5014738 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Security Feature Bypass | 5014752 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Security Feature Bypass | 5014752 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Security Feature Bypass | 5014752 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Security Feature Bypass | 5014752 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Security Feature Bypass | 5014748 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Security Feature Bypass | 5014748 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Security Feature Bypass | 5014747 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Security Feature Bypass | 5014747 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Security Feature Bypass | 5014738 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Security Feature Bypass | 5014738 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Security Feature Bypass | 5014678 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Security Feature Bypass | 5014678 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 |
Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22023 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22024 MITRE NVD |
CVE Title: Windows Fax Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ:
In what scenarios is my computer vulnerable?
For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable.
How can I verify whether the Fax service is running?
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22024 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Remote Code Execution | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Remote Code Execution | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Remote Code Execution | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Remote Code Execution | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Remote Code Execution | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Remote Code Execution | 5014747 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Remote Code Execution | 5014747 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Remote Code Execution | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22024 | Xuefeng Li with Sangfor |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22025 MITRE NVD |
CVE Title: Windows Internet Information Services Cachuri Module Denial of Service Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22025 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Denial of Service | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Denial of Service | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Denial of Service | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Denial of Service | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Denial of Service | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22025 | Orange Tsai (@orange_8361) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22026 MITRE NVD |
CVE Title: Windows CSRSS Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ:
According to the CVSS metric, successful exploitation could lead to scope change (S:C). What does this mean for this vulnerability?
A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. Because the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in Scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22026 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22026 | Sergei Glazunov with Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22027 MITRE NVD |
CVE Title: Windows Fax Service Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ:
In what scenarios is my computer vulnerable?
For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable.
How can I verify whether the Fax service is running?
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22027 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Remote Code Execution | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Remote Code Execution | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Remote Code Execution | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Remote Code Execution | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Remote Code Execution | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Remote Code Execution | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Remote Code Execution | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Remote Code Execution | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Remote Code Execution | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Remote Code Execution | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Remote Code Execution | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Remote Code Execution | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Remote Code Execution | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Remote Code Execution | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Remote Code Execution | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Remote Code Execution | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Remote Code Execution | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Remote Code Execution | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Remote Code Execution | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Remote Code Execution | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Remote Code Execution | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Remote Code Execution | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22027 | TJ with FuzzWorks |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22028 MITRE NVD |
CVE Title: Windows Network File System Information Disclosure Vulnerability
CVSS: CVSS:3.1 5.9/5.2
FAQ:
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22028 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Information Disclosure | 5014752 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Information Disclosure | 5014748 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Information Disclosure | 5014748 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Information Disclosure | 5014747 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Information Disclosure | 5014747 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Information Disclosure | 5014738 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Information Disclosure | 5014738 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22028 | Yuki Chen with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22029 MITRE NVD |
CVE Title: Windows Network File System Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.1/7.1
FAQ:
How could an attacker exploit this vulnerability?
This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.
Mitigations:
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22029 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Critical | Remote Code Execution | 5014752 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Critical | Remote Code Execution | 5014752 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Critical | Remote Code Execution | 5014752 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Critical | Remote Code Execution | 5014752 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Critical | Remote Code Execution | 5014748 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Critical | Remote Code Execution | 5014748 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Critical | Remote Code Execution | 5014747 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Critical | Remote Code Execution | 5014747 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Critical | Remote Code Execution | 5014738 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Critical | Remote Code Execution | 5014738 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Critical | Remote Code Execution | 5014678 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Critical | Remote Code Execution | 5014678 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22029 | Yuki Chen with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22031 MITRE NVD |
CVE Title: Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ:
What privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22031 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22031 | James Forshaw with Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22034 MITRE NVD |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/7.0
FAQ: What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22034 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22034 | Marcin Wiazowski working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22036 MITRE NVD |
CVE Title: Performance Counters for Windows Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22036 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22036 | RyeLv (@b2ahex) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22037 MITRE NVD |
CVE Title: Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22037 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22037 | Jarvis_1oop |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22038 MITRE NVD |
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.1/7.3
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22038 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Critical | Remote Code Execution | 5014710 | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Critical | Remote Code Execution | 5014710 | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Critical | Remote Code Execution | 5014688 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Critical | Remote Code Execution | 5014688 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Critical | Remote Code Execution | 5014738 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Critical | Remote Code Execution | 5014738 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Critical | Remote Code Execution | 5014738 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Critical | Remote Code Execution | 5014747 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Critical | Remote Code Execution | 5014747 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Critical | Remote Code Execution | 5014738 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Critical | Remote Code Execution | 5014738 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Critical | Remote Code Execution | 5014678 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Critical | Remote Code Execution | 5014678 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 8.1 Temporal: 7.3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22038 | Yuki Chen with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22039 MITRE NVD |
CVE Title: Windows Network File System Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.5/6.5
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
How could an attacker exploit this vulnerability?
This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22039 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Critical | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Critical | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Critical | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Critical | Remote Code Execution | 5014752 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Critical | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Critical | Remote Code Execution | 5014748 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Critical | Remote Code Execution | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Critical | Remote Code Execution | 5014747 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Critical | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Critical | Remote Code Execution | 5014738 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Critical | Remote Code Execution | 5014702 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Critical | Remote Code Execution | 5014692 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Critical | Remote Code Execution | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Critical | Remote Code Execution | 5014678 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Critical | Remote Code Execution | 5014699 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22039 | Yuki Chen with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22040 MITRE NVD |
CVE Title: Internet Information Services Dynamic Compression Module Denial of Service Vulnerability
CVSS: CVSS:3.1 7.3/6.6
FAQ: According to the CVSS metrics, Confidentiality, Integrity, and Availability are Low (C:L, I:L, A:L). What would an attacker have to do to exploit this vulnerability?
While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker can force a bad response to be cached into a regular URL by having multiple occurrences of the same variable in the query string. The impact depends on the business logic of the user application.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22040 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Denial of Service | 5014738 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Denial of Service | 5014752 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Denial of Service | 5014748 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Denial of Service | 5014747 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Denial of Service | 5014747 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Denial of Service | 5014678 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Denial of Service | 5014678 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22040 | Orange Tsai (@orange_8361) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22041 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.8/6.1
FAQ: What privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds:
Determine if the Print Spooler service is running
Run the following in Windows PowerShell:
If the Print Spooler is running or if the service is not disabled, follow these steps:
Stop and disable the Print Spooler service
If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:
Impact of workaround
Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22041 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Elevation of Privilege | 5014747 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22041 | JeongOh Kyea with THEORI |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22042 MITRE NVD |
CVE Title: Windows Hyper-V Information Disclosure Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: What type of information could be disclosed by this vulnerability? An attacker can gain access to uninitialized buffer information.
Mitigations: None
Workarounds: None
Revision: 1.0 (2022-07-12T07:00:00): Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22042 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Information Disclosure | 5014710 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Information Disclosure | 5014748 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Information Disclosure | 5014747 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Information Disclosure | 5014747 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Information Disclosure | 5014738 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Information Disclosure | 5014702 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22042 | Luoquan |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22043 MITRE NVD |
CVE Title: Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: Why are there two different impacts in the Security Updates table? An attacker could potentially exploit this vulnerability to elevate privileges from a client-side application sandbox in earlier Microsoft operating systems. However, mitigation technologies in later Microsoft operating systems make this more difficult. For this reason, this vulnerability has two different impact ratings.
Mitigations: None
Workarounds: None
Revision: 1.0 (2022-07-12T07:00:00): Information published. |
Important | Denial of Service, Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22043 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Denial of Service | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Denial of Service | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Denial of Service | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Denial of Service | 5014747 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) |
Important | Denial of Service | 5014747 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Denial of Service | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Denial of Service | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Denial of Service | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Denial of Service | 5014678 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Denial of Service | 5014678 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Denial of Service | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22043 | Thunder_J and Boxer with Vulnerability Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22045 MITRE NVD |
CVE Title: Windows.Devices.Picker.dll Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 (2022-07-12T07:00:00): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22045 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-22045 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22047 MITRE NVD |
CVE Title: Windows CSRSS Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: What privileges could an attacker gain? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 (2022-07-12T07:00:00): Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2022-22047 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) |
Important | Elevation of Privilege | 5014748 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) |
Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) |
Important | Elevation of Privilege | 5014752 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22047 | Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22048 MITRE NVD |
CVE Title: BitLocker Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 6.1/5.3
FAQ:
What security feature is bypassed with this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22048
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Security Feature Bypass | 5014710 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Security Feature Bypass | 5014710 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Security Feature Bypass | 5014688 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Security Feature Bypass | 5014688 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Security Feature Bypass | 5014748 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Security Feature Bypass | 5014748 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Security Feature Bypass | 5014738 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Security Feature Bypass | 5014738 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Security Feature Bypass | 5014738 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Security Feature Bypass | 5014752 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Security Feature Bypass | 5014752 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Security Feature Bypass | 5014752 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Security Feature Bypass | 5014752 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Security Feature Bypass | 5014748 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Security Feature Bypass | 5014748 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Security Feature Bypass | 5014747 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Security Feature Bypass | 5014747 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Security Feature Bypass | 5014738 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Security Feature Bypass | 5014738 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Security Feature Bypass | 5014702 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Security Feature Bypass | 5014692 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Security Feature Bypass | 5014678 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Security Feature Bypass | 5014678 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Security Feature Bypass | 5014699 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22048 | Zammis Clark |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22049 MITRE NVD |
CVE Title: Windows CSRSS Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ:
What privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22049
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22049 | Sergei Glazunov with Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-22050 MITRE NVD |
CVE Title: Windows Fax Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ:
What privileges could an attacker gain?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-22050
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 for x64-based Systems | 5015832 (Security Update) | Important | Elevation of Privilege | 5014710 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for 32-bit Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1607 for x64-based Systems | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Elevation of Privilege | 5014688 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for 32-bit systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows 8.1 for x64-based systems | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows RT 8.1 | 5015874 (Monthly Rollup) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5015866 (Monthly Rollup) 5015870 (Security Only) | Important | Elevation of Privilege | 5014752 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5015861 (Monthly Rollup) 5015862 (Security Only) | Important | Elevation of Privilege | 5014748 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 (Server Core installation) | 5015863 (Monthly Rollup) 5015875 (Security Only) | Important | Elevation of Privilege | 5014747 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2012 R2 (Server Core installation) | 5015874 (Monthly Rollup) 5015877 (Security Only) | Important | Elevation of Privilege | 5014738 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2016 (Server Core installation) | 5015808 (Security Update) | Important | Elevation of Privilege | 5014702 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Elevation of Privilege | 5014692 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Elevation of Privilege | 5014678 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
CVE ID | Acknowledgements |
CVE-2022-22050 | Zhiniang Peng with Sangfor |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33632 MITRE NVD |
CVE Title: Microsoft Office Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 4.7/4.1
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
According to the CVSS metric, the attack vector is local (AV:L) but no privileges are required (PR:N) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?
The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33632 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office 2013 RT Service Pack 1 | 5002121 (Security Update) | Important | Security Feature Bypass | 4486726 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5002121 (Security Update) | Important | Security Feature Bypass | 4486726 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5002121 (Security Update) | Important | Security Feature Bypass | 4486726 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (32-bit edition) | 5002112 (Security Update) | Important | Security Feature Bypass | 4504710 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (64-bit edition) | 5002112 (Security Update) | Important | Security Feature Bypass | 4504710 | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2022-33632 | Nathan Shomber of Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33633 MITRE NVD |
CVE Title: Skype for Business and Lync Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.2/6.3
FAQ:
According to the CVSS metric, the privileges required is high (PR:H). What privileges are needed by the attacker and how are they used in the context of the remote code execution?
To successfully exploit this vulnerability, the attacker must have write access on the file share, and an active file share administrator account on the target server. With write access, the attacker would need to modify specific files on the target server to trigger code execution.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33633 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Lync Server 2013 CU10 | 5016714 (Security Update) | Important | Remote Code Execution | None | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Skype for Business Server 2015 CU12 | 5016714 (Security Update) | Important | Remote Code Execution | None | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Skype for Business Server 2019 CU6 | 5016714 (Security Update) | Important | Remote Code Execution | None | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33633 | Yiming Xiang with NSFOCUS TIANJI LAB |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-27776 MITRE NVD |
CVE Title: HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data
CVSS: None
FAQ:
Why is this a HackerOne CVE?
This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The July 2022 Windows Security Updates include the most recent version of this library which addresses the vulnerability and others. Please see curl security problems for information on all of the vulnerabilities that have been addressed.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-27776 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 11 for ARM64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 11 for x64-based Systems | 5015814 (Security Update) | Important | Information Disclosure | 5014688 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 (Server Core installation) | 5015811 (Security Update) | Important | Information Disclosure | 5014692 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5015807 (Security Update) | Important | Information Disclosure | 5014699 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
CVE-2022-27776 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33644 MITRE NVD |
CVE Title: Xbox Live Save Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The user must be authenticated into an Xbox Live account to be able to exploit this vulnerability.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33644 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 20H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5015807 (Security Update) | Important | Elevation of Privilege | 5014699 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2022-33644 | Jarvis_1oop |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33650 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability?
This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33650 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33650 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-23816 MITRE NVD |
CVE Title: AMD: CVE-2022-23816 AMD CPU Branch Type Confusion
CVSS: None
FAQ:
Why is this AMD CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information:
Are any additional steps required to protect my system after installing the July Windows updates?
Customers who allow untrusted users to execute arbitrary code might wish to implement some extra security features within their systems. These features protect against the intra-process disclosure vectors that this speculative execution vulnerability describes. See the following for more information.
Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect Windows Server VMs running in Azure. More information can be found here.
Can I expect any performance impact after I configure the registry keys?
In some cases, installing these updates will have a performance impact. In testing Microsoft has seen some performance impact with these mitigations, in particular when hyperthreading is disabled. Microsoft values the security of its software and services and has made the decision to implement certain mitigation strategies in an effort to better secure our products. In some cases, mitigations are not enabled by default to allow users and administrators to evaluate the performance impact and risk exposure before deciding to enable the mitigations. We continue to work with hardware vendors to improve performance while maintaining a high level of security.
The Security Updates table indicates that all versions of Windows are affected. When will updates be available for my operating system?
Currently we have released updates for Windows Server 2022 and Windows Server 2022 (Server Core installation). Addressing a hardware vulnerability with a software update presents significant challenges with some operating systems requiring extensive architectural changes. Microsoft continues to work with AMD to investigate and prioritize the best way to provide mitigations and will release further updates as needed to help protect customers. The Security Updates table will be updated as updates are released. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications and Coming Soon: New Security Update Guide Notification System.
Are Microsoft Azure assets protected?
Microsoft has already deployed mitigations across our cloud services. More information is available here.
How do I know if I am affected?
Please refer to AMD advisory AMD-SB-1037 to determine which AMD CPUs are affected.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-23816 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 for x64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 1607 for 32-bit Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 1607 for x64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 1809 for 32-bit Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 1809 for ARM64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 1809 for x64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 20H2 for 32-bit Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 20H2 for ARM64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 20H2 for x64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 21H1 for 32-bit Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 21H1 for ARM64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 21H1 for x64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 21H2 for 32-bit Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 21H2 for ARM64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 10 Version 21H2 for x64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 11 for ARM64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 11 for x64-based Systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 7 for 32-bit Systems Service Pack 1 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 7 for x64-based Systems Service Pack 1 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 8.1 for 32-bit systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows 8.1 for x64-based systems | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows RT 8.1 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2008 for x64-based Systems Service Pack 2 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2012 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2012 (Server Core installation) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2012 R2 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2012 R2 (Server Core installation) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2016 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2016 (Server Core installation) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2019 | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2019 (Server Core installation) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Unknown | |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
CVE-2022-23816 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33651 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability?
This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33651 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33651 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33652 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.4/4.0
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability?
This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
According to the CVSS metric, the Attack Complexity is High (AC:H). What does this mean for this vulnerability?
Exploiting this vulnerability does not directly expose the data to the attacker. The attacker would have to brute force possible combinations and infer the Boolean result returned to disclose confidential information.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33652 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2022-33652 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33653 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability?
This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33653 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33653 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33654 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability?
This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33654 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33654 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33655 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33655 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33655 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33656 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33656 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33656 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33657 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33657 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33657 | William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33658 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.4/4.0
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability?
This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
According to the CVSS metric, the Attack Complexity is High (AC:H). What does this mean for this vulnerability?
Exploiting this vulnerability does not directly expose the data to the attacker. The attacker would have to brute force possible combinations and infer the Boolean result returned to disclose confidential information.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33658 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33658 | William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33659 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability?
This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33659 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33659 | William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33660 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability?
This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33660 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33660 | William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33661 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33661 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33661 | Anonymous Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33662 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33662 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33662 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33663 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33663 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33663 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33664 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability?
This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33664 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33664 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33665 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33665
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33665 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33666 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33666
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33666 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33667 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33667
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33667 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33668 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability? This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33668
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33668 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33669 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability? This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33669
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33669 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33671 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 4.9/4.4
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is High (C:H), Integrity and Availability are None (I:N; A:N). What does this mean for this vulnerability? This vulnerability could allow an attacker to disclose confidential information such as encrypted credentials but does not allow the attacker to modify any data or make the service unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33671
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 4.9 Temporal: 4.4 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33671 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33672 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33672
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33672 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-23825 MITRE NVD |
CVE Title: AMD: CVE-2022-23825 AMD CPU Branch Type Confusion
CVSS: None
FAQ:
Why is this AMD CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information:
Are any additional steps required to protect my system after installing the July Windows updates? Customers who allow untrusted users to execute arbitrary code might wish to implement some extra security features within their systems. These features protect against the intra-process disclosure vectors that this speculative execution vulnerability describes. See the following for more information.
Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect Windows Server VMs running in Azure. More information can be found here.
Can I expect any performance impact after I configure the registry keys? In some cases, installing these updates will have a performance impact. In testing Microsoft has seen some performance impact with these mitigations, in particular when hyperthreading is disabled. Microsoft values the security of its software and services and has made the decision to implement certain mitigation strategies in an effort to better secure our products. In some cases, mitigations are not enabled by default to allow users and administrators to evaluate the performance impact and risk exposure before deciding to enable the mitigations. We continue to work with hardware vendors to improve performance while maintaining a high level of security.
The Security Updates table indicates that all versions of Windows are affected. When will updates be available for my operating system? Currently we have released updates for Windows Server 2022 and Windows Server 2022 (Server Core installation). Addressing a hardware vulnerability with a software update presents significant challenges with some operating systems requiring extensive architectural changes. Microsoft continues to work with AMD to investigate and prioritize the best way to provide mitigations and will release further updates as needed to help protect customers. The Security Updates table will be updated as updates are released. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications and Coming Soon: New Security Update Guide Notification System.
Are Microsoft Azure assets protected? Microsoft has already deployed mitigations across our cloud services. More information is available here.
How do I know if I am affected? Please refer to AMD advisory AMD-SB-1037 to determine which AMD CPUs are affected.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-23825
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 for x64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 1607 for 32-bit Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 1607 for x64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 1809 for 32-bit Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 1809 for ARM64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 1809 for x64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 20H2 for 32-bit Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 20H2 for ARM64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 20H2 for x64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 21H1 for 32-bit Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 21H1 for ARM64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 21H1 for x64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 21H2 for 32-bit Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 21H2 for ARM64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 10 Version 21H2 for x64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 11 for ARM64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 11 for x64-based Systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 7 for 32-bit Systems Service Pack 1 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 7 for x64-based Systems Service Pack 1 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 8.1 for 32-bit systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows 8.1 for x64-based systems | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows RT 8.1 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2008 for 32-bit Systems Service Pack 2 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2008 for x64-based Systems Service Pack 2 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2012 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2012 (Server Core installation) | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2012 R2 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2012 R2 (Server Core installation) | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2016 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2016 (Server Core installation) | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2019 | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2019 (Server Core installation) | | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
Windows Server 2022 | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: N/A Temporal: N/A Vector: N/A | Yes |
Windows Server 2022 (Server Core installation) | 5015827 (Security Update) | Important | Information Disclosure | 5014678 | Base: N/A Temporal: N/A Vector: N/A | Yes |
CVE ID | Acknowledgements |
CVE-2022-23825 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33673 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 6.5/5.9
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability? This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33673
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33673 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33674 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 8.3/7.5
FAQ:
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
According to the CVSS score, the Attack Vector is Adjacent (AV:A). What does this mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within the VNET associated with the vulnerable configuration server.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33674
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
---|---|---|---|---|---|---|
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 8.3 Temporal: 7.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33674 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33675 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/7.0
FAQ:
How do I install the update to be protected from the CVE-2022-33675 and CVE-2022-33676 vulnerabilities? Unlike other Azure Site Recovery CVEs, to be protected from this particular vulnerability customers must upgrade to version 9.49 of the Process Server by following the instructions here. Customers must upgrade all process server installations, such as the in-built process server, scale out process server, and scale out process server on Azure (if any). More information about managing the Process Server can be found here.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
According to the CVSS metric, the Attack Vector is Local (AV:L). What does this mean for this vulnerability? The attacker would have to be an authenticated user logged on to the vulnerable system to be able to exploit this vulnerability.
According to the CVSS metric, Privileges Required are Low (PR:L). What privileges are required? To successfully exploit this vulnerability, an attacker needs to be authorized as a local user on the vulnerable component.
Mitigations: None
Workarounds: None
Revision: 1.0 2022-07-12T07:00:00 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33675 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33675 | Jimi Sebree with Tenable |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33676 MITRE NVD |
CVE Title: Azure Site Recovery Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.2/6.5
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
How do I install the update to be protected from the CVE-2022-33675 and CVE-2022-33676 vulnerabilities? Unlike other Azure Site Recovery CVEs, to be protected from this particular vulnerability customers must upgrade to version 9.49 of the Process Server by following the instructions here. Customers must upgrade all process server installations, such as the in-built process server, scale out process server, and scale out process server on Azure (if any). More information about managing the Process Server can be found here.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
Mitigations: None
Workarounds: None
Revision:
1.0    2022-07-12T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33676 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33676 | William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33677 MITRE NVD |
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.2/6.3
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
Mitigations: None
Workarounds: None
Revision:
1.0    2022-07-12T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33677 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Elevation of Privilege | None | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33677 | William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-33678 MITRE NVD |
CVE Title: Azure Site Recovery Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.2/6.3
FAQ:
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What is Azure Site Recovery? Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply? This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.49.
Mitigations: None
Workarounds: None
Revision:
1.0    2022-07-12T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2022-33678 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Site Recovery VMWare to Azure | Update Information (Security Update) | Important | Remote Code Execution | None | Base: 7.2 Temporal: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
CVE ID | Acknowledgements |
CVE-2022-33678 | William Söderberg with WithSecure |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-2294 MITRE NVD |
CVE Title: Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC
CVSS: None
FAQ:
What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
Mitigations: None
Workarounds: None
Revision:
1.1    2022-07-07T07:00:00     Updated CVE title. This is an informational change only.
1.0    2022-07-06T16:32:48     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-2294 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2022-2294 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2022-2295 MITRE NVD |
CVE Title: Chromium: CVE-2022-2295 Type Confusion in V8
CVSS: None
FAQ:
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
Mitigations: None
Workarounds: None
Revision:
1.1    2022-07-07T07:00:00     Updated CVE title. This is an informational change only.
1.0    2022-07-06T16:32:51     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2022-2295 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | No |
CVE ID | Acknowledgements |
CVE-2022-2295 | None |