Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
AMD CPU Branch CVE-2022-23825 AMD: CVE-2022-23825 AMD CPU Branch Type Confusion
AMD CPU Branch CVE-2022-23816 AMD: CVE-2022-23816 AMD CPU Branch Type Confusion
Azure Site Recovery CVE-2022-33665 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33666 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33663 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33664 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33667 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33672 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33673 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33671 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33668 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33661 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33662 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33657 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33656 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33658 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33660 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33659 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33655 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33651 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33650 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33652 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33654 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33653 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33669 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33643 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-30181 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33676 Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery CVE-2022-33677 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33678 Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery CVE-2022-33642 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33674 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33675 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery CVE-2022-33641 Azure Site Recovery Elevation of Privilege Vulnerability
Azure Storage Library CVE-2022-30187 Azure Storage Library Information Disclosure Vulnerability
Microsoft Defender for Endpoint CVE-2022-33637 Microsoft Defender for Endpoint Tampering Vulnerability
Microsoft Edge (Chromium-based) CVE-2022-2295 Chromium: CVE-2022-2295 Type Confusion in V8
Microsoft Edge (Chromium-based) CVE-2022-2294 Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC
Microsoft Graphics Component CVE-2022-22034 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2022-30213 Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2022-30221 Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Office CVE-2022-33632 Microsoft Office Security Feature Bypass Vulnerability
Open Source Software CVE-2022-27776 HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data
Role: DNS Server CVE-2022-30214 Windows DNS Server Remote Code Execution Vulnerability
Role: Windows Fax Service CVE-2022-22024 Windows Fax Service Remote Code Execution Vulnerability
Role: Windows Fax Service CVE-2022-22027 Windows Fax Service Remote Code Execution Vulnerability
Role: Windows Hyper-V CVE-2022-30223 Windows Hyper-V Information Disclosure Vulnerability
Role: Windows Hyper-V CVE-2022-22042 Windows Hyper-V Information Disclosure Vulnerability
Skype for Business and Microsoft Lync CVE-2022-33633 Skype for Business and Lync Remote Code Execution Vulnerability
Windows Active Directory CVE-2022-30215 Active Directory Federation Services Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call CVE-2022-30202 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call CVE-2022-30224 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call CVE-2022-22037 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Windows BitLocker CVE-2022-22711 Windows BitLocker Information Disclosure Vulnerability
Windows BitLocker CVE-2022-22048 BitLocker Security Feature Bypass Vulnerability
Windows Boot Manager CVE-2022-30203 Windows Boot Manager Security Feature Bypass Vulnerability
Windows Client/Server Runtime Subsystem CVE-2022-22026 Windows CSRSS Elevation of Privilege Vulnerability
Windows Client/Server Runtime Subsystem CVE-2022-22049 Windows CSRSS Elevation of Privilege Vulnerability
Windows Client/Server Runtime Subsystem CVE-2022-22047 Windows CSRSS Elevation of Privilege Vulnerability
Windows Connected Devices Platform Service CVE-2022-30212 Windows Connected Devices Platform Service Information Disclosure Vulnerability
Windows Credential Guard CVE-2022-22031 Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability
Windows Fast FAT Driver CVE-2022-22043 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
Windows Fax and Scan Service CVE-2022-22050 Windows Fax Service Elevation of Privilege Vulnerability
Windows Group Policy CVE-2022-30205 Windows Group Policy Elevation of Privilege Vulnerability
Windows IIS CVE-2022-30209 Windows IIS Server Elevation of Privilege Vulnerability
Windows IIS CVE-2022-22025 Windows Internet Information Services Cachuri Module Denial of Service Vulnerability
Windows IIS CVE-2022-22040 Internet Information Services Dynamic Compression Module Denial of Service Vulnerability
Windows Kernel CVE-2022-21845 Windows Kernel Information Disclosure Vulnerability
Windows Media CVE-2022-22045 Windows.Devices.Picker.dll Elevation of Privilege Vulnerability
Windows Media CVE-2022-30225 Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability
Windows Network File System CVE-2022-22029 Windows Network File System Remote Code Execution Vulnerability
Windows Network File System CVE-2022-22028 Windows Network File System Information Disclosure Vulnerability
Windows Network File System CVE-2022-22039 Windows Network File System Remote Code Execution Vulnerability
Windows Performance Counters CVE-2022-22036 Performance Counters for Windows Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-30211 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Portable Device Enumerator Service CVE-2022-22023 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
Windows Print Spooler Components CVE-2022-30206 Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Components CVE-2022-30226 Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Components CVE-2022-22022 Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Components CVE-2022-22041 Windows Print Spooler Elevation of Privilege Vulnerability
Windows Remote Procedure Call Runtime CVE-2022-22038 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Security Account Manager CVE-2022-30208 Windows Security Account Manager (SAM) Denial of Service Vulnerability
Windows Server Service CVE-2022-30216 Windows Server Service Tampering Vulnerability
Windows Shell CVE-2022-30222 Windows Shell Remote Code Execution Vulnerability
Windows Storage CVE-2022-30220 Windows Common Log File System Driver Elevation of Privilege Vulnerability
XBox CVE-2022-33644 Xbox Live Save Service Elevation of Privilege Vulnerability

CVE-2022-21845 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-21845
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS:

CVSS:3.1 4.7/4.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-21845
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Information Disclosure 5014710 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Information Disclosure 5014710 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Information Disclosure 5014702 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Information Disclosure 5014702 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Information Disclosure 5014688
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Information Disclosure 5014688
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Information Disclosure 5014748
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Information Disclosure 5014748
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Information Disclosure 5014738
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Information Disclosure 5014738
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Information Disclosure 5014738
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Information Disclosure 5014752
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Information Disclosure 5014752
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Information Disclosure 5014752
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Information Disclosure 5014752
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Information Disclosure 5014748
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Information Disclosure 5014748
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Information Disclosure 5014747
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Information Disclosure 5014747
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Information Disclosure 5014738
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Information Disclosure 5014738
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Information Disclosure 5014702 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Information Disclosure 5014702 Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Information Disclosure 5014678
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Information Disclosure 5014678
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-21845 None

CVE-2022-22711 - Windows BitLocker Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-22711
MITRE
NVD
CVE Title: Windows BitLocker Information Disclosure Vulnerability
CVSS:

CVSS:3.1 6.7/5.8
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is raw unencrypted disk sector data.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.


According to the CVSS metrics, successful exploitation of this vulnerability could lead to loss of confidentiality (C:H) and loss of integrity (I:H) but have no effect on Availability (A:N). What does that mean for this vulnerability?

An attacker who successfully exploited this vulnerability could access specific parts of the storage device and could read or write to portions of the device that are unencrypted. However, this vulnerability would not allow an attacker to deny function of the storage device.


How could an attacker exploit this vulnerability?

An attacker could access unencrypted parts of a BitLocker encrypted storage device if the administrator resizes the OS volume while concurrently provisioning the drive with BitLocker encryption.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-22711
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Information Disclosure 5014710 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Information Disclosure 5014710 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Information Disclosure 5014702 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Information Disclosure 5014702 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Information Disclosure 5014688
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Information Disclosure 5014688
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Information Disclosure 5014702 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Information Disclosure 5014702 Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Information Disclosure 5014692
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Information Disclosure 5014692
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Information Disclosure 5014678
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Information Disclosure 5014678
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Information Disclosure
5014699
Base: 6.7
Temporal: 5.8
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-22711 None

CVE-2022-30181 - Azure Site Recovery Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30181
MITRE
NVD
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 6.5/5.9
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?

Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.


What is Azure Site Recovery?

Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery

To what scenario does this vulnerability apply?

This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.


What can I do to protect myself from this vulnerability?

You can follow the steps here to update to version 9.49.


According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?

This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30181
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Site Recovery VMWare to Azure Update Information (Security Update) Important Elevation of Privilege None Base: 6.5
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30181 William Söderberg with WithSecure


CVE-2022-33637 - Microsoft Defender for Endpoint Tampering Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-33637
MITRE
NVD
CVE Title: Microsoft Defender for Endpoint Tampering Vulnerability
CVSS:

CVSS:3.1 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to authenticate to the management console appliance and to have an integration token documented here: Defender for IoT sensor and management console APIs.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Tampering

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-33637
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Defender for Endpoint for Linux Important Tampering None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2022-33637 James Sharpe with Zenotech Ltd


CVE-2022-33641 - Azure Site Recovery Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-33641
MITRE
NVD
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 6.5/5.9
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?

Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.


What is Azure Site Recovery?

Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery

To what scenario does this vulnerability apply?

This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.


What can I do to protect myself from this vulnerability?

You can follow the steps here to update to version 9.49.


According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?

This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-33641
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Site Recovery VMWare to Azure Update Information (Security Update) Important Elevation of Privilege None Base: 6.5
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-33641 Anonymous


William Söderberg with WithSecure


CVE-2022-33642 - Azure Site Recovery Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-33642
MITRE
NVD
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 4.9/4.4
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?

Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.


What is Azure Site Recovery?

Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery

To what scenario does this vulnerability apply?

This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.


What can I do to protect myself from this vulnerability?

You can follow the steps here to update to version 9.49.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-33642
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Site Recovery VMWare to Azure Update Information (Security Update) Important Elevation of Privilege None Base: 4.9
Temporal: 4.4
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-33642 Anonymous


CVE-2022-33643 - Azure Site Recovery Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-33643
MITRE
NVD
CVE Title: Azure Site Recovery Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 6.5/5.9
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?

Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.


What is Azure Site Recovery?

Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery

To what scenario does this vulnerability apply?

This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.


What can I do to protect myself from this vulnerability?

You can follow the steps here to update to version 9.49.


According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?

This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-33643
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Site Recovery VMWare to Azure Update Information (Security Update) Important Elevation of Privilege None Base: 6.5
Temporal: 5.9
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-33643 Anonymous


CVE-2022-30187 - Azure Storage Library Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30187
MITRE
NVD
CVE Title: Azure Storage Library Information Disclosure Vulnerability
CVSS:

CVSS:3.1 4.7/4.2
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.


What is CBC padding in storage SDK?

Azure Storage .NET, Java, and Python SDKs use cipher block chaining (CBC mode) for client-side encryption. This client-side encryption is used by very small set of customers, who encrypt their data on the client with a customer-managed key that is maintained in Azure Key Vault or another key store before uploading to Azure Storage.


What information can be disclosed if exploited?

An attacker who successfully exploited this vulnerability could decrypt data on the client side and disclose the content of the file or blob.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30187
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Storage Blobs client library for .NET Update Information (Security Update) Important Information Disclosure None Base: 4.7
Temporal: 4.2
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Maybe
Azure Storage Blobs client library for Java Update Information (Security Update) Important Information Disclosure None Base: 4.7
Temporal: 4.2
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Maybe
Azure Storage Blobs client library for Python Update Information (Security Update) Important Information Disclosure None Base: 4.7
Temporal: 4.2
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Maybe
Azure Storage Queues client library for .NET Update Information (Security Update) Important Information Disclosure None Base: 4.7
Temporal: 4.2
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Maybe
Azure Storage Queues client library for Python Update Information (Security Update) Important Information Disclosure None Base: 4.7
Temporal: 4.2
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30187 Sophie Schmieg with Google


CVE-2022-30202 - Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30202
MITRE
NVD
CVE Title: Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.0/6.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30202
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Elevation of Privilege 5014738
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Elevation of Privilege 5014747
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Elevation of Privilege 5014747
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30202 Jarvis_1oop


CVE-2022-30203 - Windows Boot Manager Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30203
MITRE
NVD
CVE Title: Windows Boot Manager Security Feature Bypass Vulnerability
CVSS:

CVSS:3.1 7.4/6.4
Base score metrics
Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What security feature could be bypassed by this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Secure Boot.


According to the CVSS metric, successful exploitation could lead to scope change (S:C). What does this mean for this vulnerability?

Successful exploitation of this vulnerability could allow an attacker to access the pre-boot environment.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30203
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Security Feature Bypass 5014710 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Security Feature Bypass 5014710 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Security Feature Bypass 5014702 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Security Feature Bypass 5014702 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Security Feature Bypass 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Security Feature Bypass 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Security Feature Bypass 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Security Feature Bypass
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Security Feature Bypass
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Security Feature Bypass
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Security Feature Bypass 5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Security Feature Bypass 5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Security Feature Bypass 5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Security Feature Bypass
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Security Feature Bypass
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Security Feature Bypass
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Security Feature Bypass 5014688
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Security Feature Bypass 5014688
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Security Feature Bypass 5014748
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Security Feature Bypass 5014748
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Security Feature Bypass 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Security Feature Bypass 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Security Feature Bypass 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Security Feature Bypass 5014752
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Security Feature Bypass 5014752
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Security Feature Bypass 5014752
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Security Feature Bypass 5014752
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Security Feature Bypass 5014748
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Security Feature Bypass 5014748
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Security Feature Bypass 5014747
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Security Feature Bypass 5014747
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Security Feature Bypass 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Security Feature Bypass 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Security Feature Bypass 5014702 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Security Feature Bypass 5014702 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Security Feature Bypass 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Security Feature Bypass 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Security Feature Bypass 5014678
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Security Feature Bypass 5014678
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Security Feature Bypass
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30203 Zammis Clark


CVE-2022-30205 - Windows Group Policy Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30205
MITRE
NVD
CVE Title: Windows Group Policy Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 6.6/5.8
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires the attacker to have privileges to create Group Policy Templates. As is best practice, regular validation and audits of administrative groups should be conducted.


Upon successful exploitation, what privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain domain administrator privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30205
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Elevation of Privilege 5014738
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Elevation of Privilege 5014747
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Elevation of Privilege 5014747
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30205 Matthieu Buffet


CVE-2022-30206 - Windows Print Spooler Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30206
MITRE
NVD
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:

Determine if the Print Spooler service is running

Run the following in Windows PowerShell:

Get-Service -Name Spooler

If the Print Spooler is running or if the service is not disabled, follow these steps:

Stop and disable the Print Spooler service

If stopping and disabling the Print Spooler service is appropriate for your environment, run the following in Windows PowerShell:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

Impact of workaround Stopping and disabling the Print Spooler service disables the ability to print both locally and remotely.


Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30206
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Elevation of Privilege 5014738
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Elevation of Privilege 5014747
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Elevation of Privilege 5014747
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30206 Victor Mata with FusionX, Accenture Security


luckyu with NSFOCUS TIANYUAN LAB


CVE-2022-30208 - Windows Security Account Manager (SAM) Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30208
MITRE
NVD
CVE Title: Windows Security Account Manager (SAM) Denial of Service Vulnerability
CVSS:

CVSS:3.1 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30208
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Denial of Service 5014710 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Denial of Service 5014710 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Denial of Service 5014702 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Denial of Service 5014702 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Denial of Service 5014692
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Denial of Service 5014692
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Denial of Service 5014692
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Denial of Service
5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Denial of Service
5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Denial of Service
5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Denial of Service 5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Denial of Service 5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Denial of Service 5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Denial of Service
5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Denial of Service
5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Denial of Service
5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Denial of Service 5014688
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Denial of Service 5014688
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Denial of Service 5014748
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Denial of Service 5014748
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Denial of Service 5014738
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Denial of Service 5014738
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Denial of Service 5014738
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Denial of Service 5014752
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Denial of Service 5014752
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Denial of Service 5014752
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Denial of Service 5014752
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Denial of Service 5014748
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Denial of Service 5014748
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Denial of Service 5014747
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Denial of Service 5014747
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Denial of Service 5014738
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Denial of Service 5014738
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Denial of Service 5014702 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Denial of Service 5014702 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Denial of Service 5014692
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Denial of Service 5014692
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Denial of Service 5014678
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Denial of Service 5014678
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Denial of Service
5014699
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30208 bee13oy with Cyber Kunlun Lab


CVE-2022-30209 - Windows IIS Server Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30209
MITRE
NVD
CVE Title: Windows IIS Server Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.4/6.4
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.


What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited the vulnerability could bypass authentication on Windows IIS Server. Attackers might be able to post or get information from the Web Service (CVSS metrics C:H/I:H), but would not be able to disrupt the service.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30209
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Elevation of Privilege 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Elevation of Privilege 5014747
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Elevation of Privilege 5014747
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.4
Temporal: 6.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30209 Orange Tsai (@orange_8361) with DEVCORE


CVE-2022-30211 - Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30211
MITRE
NVD
CVE Title: Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30211
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Remote Code Execution 5014710 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Remote Code Execution 5014710 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Remote Code Execution 5014702 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Remote Code Execution 5014702 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Remote Code Execution 5014692
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Remote Code Execution 5014692
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Remote Code Execution 5014692
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Remote Code Execution
5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Remote Code Execution
5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Remote Code Execution
5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Remote Code Execution 5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Remote Code Execution 5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Remote Code Execution 5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Remote Code Execution
5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Remote Code Execution
5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Remote Code Execution
5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Remote Code Execution 5014688
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Remote Code Execution 5014688
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Remote Code Execution 5014748
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Remote Code Execution 5014748
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Remote Code Execution 5014738
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Remote Code Execution 5014738
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Remote Code Execution 5014738
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Remote Code Execution 5014752
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Remote Code Execution 5014752
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Remote Code Execution 5014752
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Remote Code Execution 5014752
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Remote Code Execution 5014748
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Remote Code Execution 5014748
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Remote Code Execution 5014747
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Remote Code Execution 5014747
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Remote Code Execution 5014738
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Remote Code Execution 5014738
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Remote Code Execution 5014702 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Remote Code Execution 5014702 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Remote Code Execution 5014692
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Remote Code Execution 5014692
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Remote Code Execution 5014678
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Remote Code Execution 5014678
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Remote Code Execution
5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30211 Alex Nichols with Nettitude


CVE-2022-30212 - Windows Connected Devices Platform Service Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30212
MITRE
NVD
CVE Title: Windows Connected Devices Platform Service Information Disclosure Vulnerability
CVSS:

CVSS:3.1 4.7/4.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.


According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30212
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Information Disclosure 5014688
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Information Disclosure 5014688
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Information Disclosure 5014692
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Information Disclosure 5014678
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Information Disclosure 5014678
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Information Disclosure
5014699
Base: 4.7
Temporal: 4.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30212 JIWO Technology Co., Ltd


CVE-2022-30213 - Windows GDI+ Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30213
MITRE
NVD
CVE Title: Windows GDI+ Information Disclosure Vulnerability
CVSS:

CVSS:3.1 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a pointer leak to the process user-mode address space in the internal memory of the application that is using GDI+.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30213
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Information Disclosure 5014710 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Information Disclosure 5014710 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Information Disclosure 5014702 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Information Disclosure 5014702 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Information Disclosure 5014692
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Information Disclosure 5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Information Disclosure
5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Information Disclosure 5014688
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Information Disclosure 5014688
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Information Disclosure 5014748
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Information Disclosure 5014748
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Information Disclosure 5014738
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Information Disclosure 5014738
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Information Disclosure 5014738
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Information Disclosure 5014752
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Information Disclosure 5014752
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Information Disclosure 5014752
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Information Disclosure 5014752
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Information Disclosure 5014748
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Information Disclosure 5014748
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Information Disclosure 5014747
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5015863 (Monthly Rollup)
5015875 (Security Only)
Important Information Disclosure 5014747
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Information Disclosure 5014738
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Information Disclosure 5014738
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5015808 (Security Update) Important Information Disclosure 5014702 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Information Disclosure 5014702 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Information Disclosure 5014692
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Information Disclosure 5014692
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Information Disclosure 5014678
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Information Disclosure 5014678
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Information Disclosure
5014699
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30213 willJ of vulnerability research institute


CVE-2022-30214 - Windows DNS Server Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30214
MITRE
NVD
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 6.6/5.8
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30214
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows Server 2016 5015808 (Security Update) Important Remote Code Execution 5014702 Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Remote Code Execution 5014702 Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Remote Code Execution 5014692
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Remote Code Execution 5014692
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Remote Code Execution 5014678
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Remote Code Execution 5014678
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Remote Code Execution 5014699
Base: 6.6
Temporal: 5.8
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30214 George Hughey with MSRC Vulnerabilities and Mitigations


CVE-2022-30215 - Active Directory Federation Services Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30215
MITRE
NVD
CVE Title: Active Directory Federation Services Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.


Upon successful exploitation, what privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain domain administrator privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30215
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows Server 2016 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Elevation of Privilege 5014678
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30215 None

CVE-2022-30216 - Windows Server Service Tampering Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30216
MITRE
NVD
CVE Title: Windows Server Service Tampering Vulnerability
CVSS:

CVSS:3.1 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How could an attacker exploit this vulnerability?

For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Tampering

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30216
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Tampering
5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Tampering
5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Tampering
5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Tampering 5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Tampering 5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Tampering 5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Tampering
5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Tampering
5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Tampering
5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Tampering 5014688
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Tampering 5014688
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5015827 (Security Update) Important Tampering 5014678
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5015827 (Security Update) Important Tampering 5014678
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5015807 (Security Update) Important Tampering
5014699
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30216 Ben Barnea with Akamai Technologies


CVE-2022-30220 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30220
MITRE
NVD
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-07-12T07:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30220
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5015832 (Security Update) Important Elevation of Privilege 5014710 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5015808 (Security Update) Important Elevation of Privilege 5014702 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5015811 (Security Update) Important Elevation of Privilege 5014692
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege 5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for 32-bit Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for ARM64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H2 for x64-based Systems 5015807 (Security Update) Important Elevation of Privilege
5014699
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for ARM64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 11 for x64-based Systems 5015814 (Security Update) Important Elevation of Privilege 5014688
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5015861 (Monthly Rollup)
5015862 (Security Only)
Important Elevation of Privilege 5014748
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5015874 (Monthly Rollup)
5015877 (Security Only)
Important Elevation of Privilege 5014738
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5015874 (Monthly Rollup) Important Elevation of Privilege 5014738
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Elevation of Privilege 5014752
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5015866 (Monthly Rollup)
5015870 (Security Only)
Important Ele