Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
Active Directory Domain Services CVE-2022-38042 Active Directory Domain Services Elevation of Privilege Vulnerability
Azure CVE-2022-38017 StorSimple 8000 Series Elevation of Privilege Vulnerability
Azure Arc CVE-2022-37968 Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
Client Server Run-time Subsystem (CSRSS) CVE-2022-37987 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Client Server Run-time Subsystem (CSRSS) CVE-2022-37989 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) CVE-2022-3311 Chromium: CVE-2022-3311 Use after free in Import
Microsoft Edge (Chromium-based) CVE-2022-3313 Chromium: CVE-2022-3313 Incorrect security UI in Full Screen
Microsoft Edge (Chromium-based) CVE-2022-3315 Chromium: CVE-2022-3315 Type confusion in Blink
Microsoft Edge (Chromium-based) CVE-2022-3370 Chromium: CVE-2022-3370 Use after free in Custom Elements
Microsoft Edge (Chromium-based) CVE-2022-3373 Chromium: CVE-2022-3373 Out of bounds write in V8
Microsoft Edge (Chromium-based) CVE-2022-3316 Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing
Microsoft Edge (Chromium-based) CVE-2022-3317 Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents
Microsoft Edge (Chromium-based) CVE-2022-3310 Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs
Microsoft Edge (Chromium-based) CVE-2022-3304 Chromium: CVE-2022-3304 Use after free in CSS
Microsoft Edge (Chromium-based) CVE-2022-41035 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) CVE-2022-3308 Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools
Microsoft Edge (Chromium-based) CVE-2022-3307 Chromium: CVE-2022-3307 Use after free in Media
Microsoft Graphics Component CVE-2022-37986 Windows Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2022-38051 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2022-37997 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2022-37985 Windows Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2022-33635 Windows GDI+ Remote Code Execution Vulnerability
Microsoft Office CVE-2022-38001 Microsoft Office Spoofing Vulnerability
Microsoft Office CVE-2022-38048 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office CVE-2022-41043 Microsoft Office Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2022-38053 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2022-41036 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2022-41038 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2022-41037 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office Word CVE-2022-41031 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office Word CVE-2022-38049 Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL CVE-2022-37982 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL CVE-2022-38031 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
NuGet Client CVE-2022-41032 NuGet Client Elevation of Privilege Vulnerability
Remote Access Service Point-to-Point Tunneling Protocol CVE-2022-37965 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Role: Windows Hyper-V CVE-2022-37979 Windows Hyper-V Elevation of Privilege Vulnerability
Service Fabric CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability
Visual Studio Code CVE-2022-41042 Visual Studio Code Information Disclosure Vulnerability
Visual Studio Code CVE-2022-41034 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2022-41083 Visual Studio Code Elevation of Privilege Vulnerability
Windows Active Directory Certificate Services CVE-2022-37978 Windows Active Directory Certificate Services Security Feature Bypass
Windows Active Directory Certificate Services CVE-2022-37976 Active Directory Certificate Services Elevation of Privilege Vulnerability
Windows ALPC CVE-2022-38029 Windows ALPC Elevation of Privilege Vulnerability
Windows CD-ROM Driver CVE-2022-38044 Windows CD-ROM File System Driver Remote Code Execution Vulnerability
Windows COM+ Event System Service CVE-2022-41033 Windows COM+ Event System Service Elevation of Privilege Vulnerability
Windows Connected User Experiences and Telemetry CVE-2022-38021 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
Windows CryptoAPI CVE-2022-34689 Windows CryptoAPI Spoofing Vulnerability
Windows Defender CVE-2022-37971 Microsoft Windows Defender Elevation of Privilege Vulnerability
Windows DHCP Client CVE-2022-38026 Windows DHCP Client Information Disclosure Vulnerability
Windows DHCP Client CVE-2022-37980 Windows DHCP Client Elevation of Privilege Vulnerability
Windows Distributed File System (DFS) CVE-2022-38025 Windows Distributed File System (DFS) Information Disclosure Vulnerability
Windows DWM Core Library CVE-2022-37970 Windows DWM Core Library Elevation of Privilege Vulnerability
Windows DWM Core Library CVE-2022-37983 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Windows Event Logging Service CVE-2022-37981 Windows Event Logging Service Denial of Service Vulnerability
Windows Group Policy CVE-2022-37975 Windows Group Policy Elevation of Privilege Vulnerability
Windows Group Policy Preference Client CVE-2022-37994 Windows Group Policy Preference Client Elevation of Privilege Vulnerability
Windows Group Policy Preference Client CVE-2022-37993 Windows Group Policy Preference Client Elevation of Privilege Vulnerability
Windows Group Policy Preference Client CVE-2022-37999 Windows Group Policy Preference Client Elevation of Privilege Vulnerability
Windows Internet Key Exchange (IKE) Protocol CVE-2022-38036 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Windows Kernel CVE-2022-37988 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2022-38037 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2022-37990 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2022-38038 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2022-38039 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2022-37995 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2022-37991 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2022-38022 Windows Kernel Elevation of Privilege Vulnerability
Windows Local Security Authority (LSA) CVE-2022-38016 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Windows Local Security Authority Subsystem Service (LSASS) CVE-2022-37977 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Windows Local Session Manager (LSM) CVE-2022-37973 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Windows Local Session Manager (LSM) CVE-2022-37998 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Windows NTFS CVE-2022-37996 Windows Kernel Memory Information Disclosure Vulnerability
Windows NTLM CVE-2022-35770 Windows NTLM Spoofing Vulnerability
Windows ODBC Driver CVE-2022-38040 Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Perception Simulation Service CVE-2022-37974 Windows Mixed Reality Developer Tools Information Disclosure Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-33634 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-22035 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-24504 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-38047 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-41081 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-30198 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol CVE-2022-38000 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Portable Device Enumerator Service CVE-2022-38032 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
Windows Print Spooler Components CVE-2022-38028 Windows Print Spooler Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) CVE-2022-38003 Windows Resilient File System Elevation of Privilege
Windows Secure Channel CVE-2022-38041 Windows Secure Channel Denial of Service Vulnerability
Windows Security Support Provider Interface CVE-2022-38043 Windows Security Support Provider Interface Information Disclosure Vulnerability
Windows Server Remotely Accessible Registry Keys CVE-2022-38033 Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability
Windows Server Service CVE-2022-38045 Server Service Remote Protocol Elevation of Privilege Vulnerability
Windows Storage CVE-2022-38027 Windows Storage Elevation of Privilege Vulnerability
Windows TCP/IP CVE-2022-33645 Windows TCP/IP Driver Denial of Service Vulnerability
Windows USB Serial Driver CVE-2022-38030 Windows USB Serial Driver Information Disclosure Vulnerability
Windows Web Account Manager CVE-2022-38046 Web Account Manager Information Disclosure Vulnerability
Windows Win32K CVE-2022-38050 Win32k Elevation of Privilege Vulnerability
Windows WLAN Service CVE-2022-37984 Windows WLAN Service Elevation of Privilege Vulnerability
Windows Workstation Service CVE-2022-38034 Windows Workstation Service Elevation of Privilege Vulnerability

CVE-2022-30198 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-30198
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


How could an attacker exploit the vulnerability?

To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-30198
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Critical Remote Code Execution 5017327 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Critical Remote Code Execution 5017327 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Critical Remote Code Execution 5017321
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Critical Remote Code Execution 5017321
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Critical Remote Code Execution
5017367		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Remote Code Execution 5017370
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Remote Code Execution 5017370
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Critical Remote Code Execution 5017316
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Critical Remote Code Execution 5017316
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-30198 b2ahex


Jarvis_1oop of vulnerability research institute


Yuki Chen with Cyber KunLun

CVE-2022-22035 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-22035
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


How could an attacker exploit the vulnerability?

To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-22035
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Critical Remote Code Execution 5017327 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Critical Remote Code Execution 5017327 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Critical Remote Code Execution 5017321
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Critical Remote Code Execution 5017321
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Critical Remote Code Execution
5017367		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Remote Code Execution 5017370
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Remote Code Execution 5017370
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Critical Remote Code Execution 5017316
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Critical Remote Code Execution 5017316
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-22035 Jarvis_1oop of vulnerability research institute


Yuki Chen with Cyber KunLun

CVE-2022-24504 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-24504
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


How could an attacker exploit the vulnerability?

To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-24504
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Critical Remote Code Execution 5017327 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Critical Remote Code Execution 5017327 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Critical Remote Code Execution 5017321
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Critical Remote Code Execution 5017321
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Critical Remote Code Execution
5017367		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Remote Code Execution 5017358
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Remote Code Execution 5017358
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Remote Code Execution 5017358
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Remote Code Execution 5017358
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Remote Code Execution 5017370
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Remote Code Execution 5017370
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Critical Remote Code Execution 5017316
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Critical Remote Code Execution 5017316
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-24504 b2ahex


Jarvis_1oop of vulnerability research institute


Yuki Chen with Cyber KunLun

CVE-2022-33634 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-33634
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


How could an attacker exploit the vulnerability?

To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-33634
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Critical Remote Code Execution 5017327 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Critical Remote Code Execution 5017327 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution 5017308
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Critical Remote Code Execution
5017308		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Critical Remote Code Execution 5017321
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Critical Remote Code Execution 5017321
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Critical Remote Code Execution Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Critical Remote Code Execution
5017367		 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Remote Code Execution 5017358
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Remote Code Execution 5017358
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Remote Code Execution 5017358
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Remote Code Execution 5017358
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Remote Code Execution 5017361
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Remote Code Execution 5017370
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Remote Code Execution 5017370
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Remote Code Execution 5017367
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Critical Remote Code Execution 5017305 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Critical Remote Code Execution 5017315
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Critical Remote Code Execution 5017316
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Critical Remote Code Execution 5017316
 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-33634 b2ahex


Yuki Chen with Cyber KunLun

CVE-2022-33635 - Windows GDI+ Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-33635
MITRE
NVD		 CVE Title: Windows GDI+ Remote Code Execution Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires that a user open a specially crafted file.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-33635
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Important Remote Code Execution 5017327 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Important Remote Code Execution 5017327 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Important Remote Code Execution 5017305 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Important Remote Code Execution 5017305 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Important Remote Code Execution 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Important Remote Code Execution 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Important Remote Code Execution 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Important Remote Code Execution
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Important Remote Code Execution
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Important Remote Code Execution
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Important Remote Code Execution 5017308
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Important Remote Code Execution 5017308
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Important Remote Code Execution 5017308
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Important Remote Code Execution
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Important Remote Code Execution
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Important Remote Code Execution
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Important Remote Code Execution 5017321
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Important Remote Code Execution 5017321
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Important Remote Code Execution Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Remote Code Execution 5017361
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Remote Code Execution 5017361
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Remote Code Execution 5017367
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Remote Code Execution 5017367
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Important Remote Code Execution
5017367		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Remote Code Execution 5017358
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Remote Code Execution 5017358
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Remote Code Execution 5017358
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Remote Code Execution 5017358
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Remote Code Execution 5017361
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Remote Code Execution 5017361
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Remote Code Execution 5017370
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Remote Code Execution 5017370
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Remote Code Execution 5017367
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Remote Code Execution 5017367
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Important Remote Code Execution 5017305 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Important Remote Code Execution 5017305 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Important Remote Code Execution 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Important Remote Code Execution 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Important Remote Code Execution 5017316
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Important Remote Code Execution 5017316
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-33635 Bing Sun and Jin Liu with Trellix

CVE-2022-33645 - Windows TCP/IP Driver Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-33645
MITRE
NVD		 CVE Title: Windows TCP/IP Driver Denial of Service Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:

Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-33645
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Important Denial of Service 5017327 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Important Denial of Service 5017327 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Important Denial of Service 5017305 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Important Denial of Service 5017305 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Important Denial of Service 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Important Denial of Service 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Important Denial of Service 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Important Denial of Service 5017308
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Important Denial of Service 5017308
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Important Denial of Service 5017308
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Important Denial of Service 5017321
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Important Denial of Service 5017321
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Important Denial of Service Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Denial of Service 5017361
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Denial of Service 5017361
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Denial of Service 5017367
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Denial of Service 5017367
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Important Denial of Service
5017367		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Denial of Service 5017358
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Denial of Service 5017358
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Denial of Service 5017358
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Denial of Service 5017358
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Denial of Service 5017361
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Denial of Service 5017361
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Denial of Service 5017370
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Denial of Service 5017370
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Denial of Service 5017367
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Denial of Service 5017367
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Important Denial of Service 5017305 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Important Denial of Service 5017305 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Important Denial of Service 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Important Denial of Service 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Important Denial of Service 5017316
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Important Denial of Service 5017316
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-33645 luoquan

CVE-2022-34689 - Windows CryptoAPI Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-34689
MITRE
NVD		 CVE Title: Windows CryptoAPI Spoofing Vulnerability
CVSS:

CVSS:3.1 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What is the nature of the spoofing?

An attacker could manipulate an existing public x.509 certificate to spoof their identify and perform actions such as authentication or code signing as the targeted certificate.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published. This CVE was addressed by updates that were released in August 2022, but the CVE was omitted from the August 2022 Security Updates. This is an informational change only. Customers who have already installed the August 2022 update do not need to take any further action.


 Critical Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-34689
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Critical Spoofing 5017327 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Critical Spoofing 5017327 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Critical Spoofing 5017305 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Critical Spoofing 5017305 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Critical Spoofing 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Critical Spoofing 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Critical Spoofing 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Critical Spoofing
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Critical Spoofing
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Critical Spoofing
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Critical Spoofing 5017308
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Critical Spoofing 5017308
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Critical Spoofing 5017308
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Critical Spoofing 5017308
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Critical Spoofing
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Critical Spoofing
5017308		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Critical Spoofing 5017321
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Critical Spoofing 5017321
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Critical Spoofing Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Critical Spoofing Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Spoofing 5017361
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Spoofing 5017361
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Spoofing 5017367
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Spoofing 5017367
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Critical Spoofing
5017367		 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Spoofing 5017358
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Spoofing 5017358
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Spoofing 5017358
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Critical Spoofing 5017358
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Spoofing 5017361
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Critical Spoofing 5017361
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Spoofing 5017370
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Critical Spoofing 5017370
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Spoofing 5017367
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Critical Spoofing 5017367
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Critical Spoofing 5017305 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Critical Spoofing 5017305 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Critical Spoofing 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Critical Spoofing 5017315
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Critical Spoofing 5017316
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Critical Spoofing 5017316
 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-34689 None

CVE-2022-35770 - Windows NTLM Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-35770
MITRE
NVD		 CVE Title: Windows NTLM Spoofing Vulnerability
CVSS:

CVSS:3.1 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to access a malicious folder or directory. Users should never open anything that they do not know or trust to be safe.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-35770
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Important Spoofing 5017327 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Important Spoofing 5017327 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Important Spoofing 5017305 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Important Spoofing 5017305 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Important Spoofing 5017315
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Important Spoofing 5017315
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Important Spoofing 5017315
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Important Spoofing
5017308		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Important Spoofing
5017308		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Important Spoofing
5017308		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Important Spoofing 5017308
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Important Spoofing 5017308
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Important Spoofing 5017308
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Important Spoofing
5017308		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Important Spoofing
5017308		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Important Spoofing
5017308		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Important Spoofing 5017321
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Important Spoofing 5017321
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Important Spoofing Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Important Spoofing Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Spoofing 5017361
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Spoofing 5017361
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Spoofing 5017367
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Spoofing 5017367
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Important Spoofing
5017367		 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Spoofing 5017358
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Spoofing 5017358
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Spoofing 5017358
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Spoofing 5017358
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Spoofing 5017361
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Spoofing 5017361
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Spoofing 5017370
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Spoofing 5017370
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Spoofing 5017367
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Spoofing 5017367
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Important Spoofing 5017305 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Important Spoofing 5017305 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Important Spoofing 5017315
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Important Spoofing 5017315
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Important Spoofing 5017316
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Important Spoofing 5017316
 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-35770 RGFulw

CVE-2022-35829 - Service Fabric Explorer Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-35829
MITRE
NVD		 CVE Title: Service Fabric Explorer Spoofing Vulnerability
CVSS:

CVSS:3.1 6.2/5.4
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

An attacker needs to have CreateComposeDeployment permission to exploit this vulnerability. Please refer to the Security/ClientAccess section of Customize Service Fabric cluster settings for more information on the permission.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

The vulnerability is in the web client, but the malicious scripts execute in the victim’s browser on their machine.


How can I ensure I am not on a vulnerable version of Service Fabric Explorer?

A vulnerable version of Service Fabric Explorer (SFXv1) has the URL that ends in "old.html". If you are on an unsupported version of Service Fabric Runtime (8.1.316 and below), you will be vulnerable. Please update to a supported version of Service Fabric Runtime. See Service Fabric supported versions for the list of all supported versions of the runtime. On supported versions of the Service Fabric Runtime, the Service Fabric Explorer version (SFXv2) which is loaded by default is not affected by this vulnerability. On supported SF runtime versions, you can verify you are using SFXv2 by checking that the URL of Service Fabric Explorer ends in "index.html".

How can I update my Service Fabric Cluster to the latest version?

Please refer to Manage Service Fabric cluster upgrades for instructions on how to update your Service Fabric Cluster.

If I am on a supported version of Service Fabric Runtime, how can I switch to the latest version of Service Fabric Explorer (SFXv2)?

SFXv2 is loaded by default on all supported versions of Service Fabric. You can navigate to SFXv2 by making sure the Service Fabric Explorer URL ends in "index.html". An example of a vulnerable URL would be https://<your instance name>.cloudapp.azure.com:19080/Explorer/old.html#/.

You can navigate to any of the following URLs to switch to SFXv2:

  • https://<your instance name>.cloudapp.azure.com:19080/Explorer/index.html#/
  • https://<your instance name>.cloudapp.azure.com:19080/Explorer/
  • https://<your instance name>.cloudapp.azure.com:19080/

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

A victim user would have to click the stored XSS payload injected by the attacker to be compromised.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-35829
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Service Fabric Explorer Release Notes (Security Update) Important Spoofing None Base: 6.2
Temporal: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-35829 Lidor Ben Shitrit with Orca Security

CVE-2022-3304 - Chromium: CVE-2022-3304 Use after free in CSS

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3304
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3304 Use after free in CSS
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.61/62

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-03T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3304
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3304 None

CVE-2022-3307 - Chromium: CVE-2022-3307 Use after free in Media

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3307
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3307 Use after free in Media
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.61/62

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-03T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3307
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3307 None

CVE-2022-3308 - Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3308
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.61/62

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-03T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3308
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3308 None

CVE-2022-3310 - Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3310
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.61/62

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-03T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3310
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3310 None

CVE-2022-3311 - Chromium: CVE-2022-3311 Use after free in Import

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3311
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3311 Use after free in Import
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.61/62

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-03T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3311
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3311 None

CVE-2022-3313 - Chromium: CVE-2022-3313 Incorrect security UI in Full Screen

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3313
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3313 Incorrect security UI in Full Screen
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.61/62

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-03T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3313
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3313 None

CVE-2022-3315 - Chromium: CVE-2022-3315 Type confusion in Blink

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3315
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3315 Type confusion in Blink
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.61/62

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-03T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3315
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3315 None

CVE-2022-3316 - Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3316
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.61/62

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-03T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3316
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3316 None

CVE-2022-3317 - Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3317
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.61/62

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-03T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3317
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3317 None

CVE-2022-3370 - Chromium: CVE-2022-3370 Use after free in Custom Elements

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3370
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3370 Use after free in Custom Elements
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.91

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-06T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3370
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3370 None

CVE-2022-3373 - Chromium: CVE-2022-3373 Out of bounds write in V8

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-3373
MITRE
NVD		 CVE Title: Chromium: CVE-2022-3373 Out of bounds write in V8
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
106.0.1370.34 10/03/2022 106.0.5249.91

Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-06T07:00:00    

Information published.


 Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-3373
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-3373 None

CVE-2022-37965 - Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37965
MITRE
NVD		 CVE Title: Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVSS:

CVSS:3.1 5.9/5.2
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37965
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Important Denial of Service 5017327 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Important Denial of Service 5017327 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Important Denial of Service 5017305 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Important Denial of Service 5017305 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Important Denial of Service 5017315
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Important Denial of Service 5017315
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Important Denial of Service 5017315
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Important Denial of Service 5017308
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Important Denial of Service 5017308
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Important Denial of Service 5017308
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Important Denial of Service
5017308		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Important Denial of Service 5017321
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Important Denial of Service 5017321
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Important Denial of Service Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Important Denial of Service Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Denial of Service 5017367
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Denial of Service 5017367
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Important Denial of Service
5017367		 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Denial of Service 5017370
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Denial of Service 5017370
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Denial of Service 5017367
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Denial of Service 5017367
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Important Denial of Service 5017305 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Important Denial of Service 5017305 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Important Denial of Service 5017315
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Important Denial of Service 5017315
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Important Denial of Service 5017316
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Important Denial of Service 5017316
 Base: 5.9
Temporal: 5.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37965 None

CVE-2022-37968 - Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37968
MITRE
NVD		 CVE Title: Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 10.0/8.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How could an attacker exploit this vulnerability?

An attacker who knows the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster can exploit this vulnerability from the internet. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, allows an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc; therefore Azure Stack Edge devices are also vulnerable.


According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

The vulnerability is in Azure Arc but could also impact the Kubernetes cluster and Azure Stack Edge that is connected to the vulnerable Azure Arc.

See the Security Updates Table for the affected versions of these products.


What does Azure Arc do?

Azure Arc allows customers to connect on-premises infrastructure (server, Kubernetes, etc.) to Azure for ease of management. Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform. For more information, please see Azure Arc overview.


What version of the Azure Arc-enabled Kubernetes cluster addresses this vulnerability?

Auto-upgrade is enabled by default for customers using Azure Arc; however, if you manually control your updates, action is required to upgrade to the latest version. Microsoft recommends that customers using Azure Arc-enabled Kubernetes clusters upgrade to agent versions 1.5.8 and above, 1.6.19 and above, 1.7.18 and above, or 1.8.11 and above as appropriate to be protected from this vulnerability. Customers who have already upgrated to version 1.8.14 are already protected from this vulnerability.

How do I check which version of the Azure Arc-enabled Kubernetes cluster I am currently using?

Guidance is available in the Check agent version section of Upgrade Azure Arc-enabled Kubernetes agents.

How do I validate whether I have auto-upgrade turned on?

Guidance is available in the Check if automatic upgrade is enabled on a cluster section of Upgrade Azure Arc-enabled Kubernetes agents. . How do I protect myself from this vulnerability?

Customers with Auto-Upgrade enabled have been updated automatically and are protected. If you do not have auto-upgrade enabled, manually update to the latest version.

What version of the Azure Stack Edge cluster addresses this vulnerability?

Customers using Azure Stack Edge must update to the 2209 release (software version 2.2.2088.5593). Release notes for the 2209 release of Azure Stack Edge can be found here: Azure Stack Edge 2209 release notes.


What does Azure Stack Edge do?

Azure Stack Edge Pro 2 is a new generation of an AI-enabled edge computing device offered as a service from Microsoft. This article provides you an overview of the Azure Stack Edge Pro 2 solution. For more information on Azure Stack Edge, please see What is Azure Stack Edge Pro 2?.


What does Azure Arc-enabled Kubernetes cluster do?

Azure Arc-enabled Kubernetes allows you to attach and configure Kubernetes clusters running anywhere. You can connect your clusters running on other public cloud providers (such as GCP or AWS) or clusters running on your on-premises data center (such as VMware vSphere or Azure Stack HCI) to Azure Arc. For more information please see What is Azure Arc-enabled Kubernetes?.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Critical Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37968
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Arc-enabled Kubernetes cluster 1.5.8 Release Notes (Security Update) Critical Elevation of Privilege None Base: 10.0
Temporal: 8.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Azure Arc-enabled Kubernetes cluster 1.6.19 Release Notes (Security Update) Critical Elevation of Privilege None Base: 10.0
Temporal: 8.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Azure Arc-enabled Kubernetes cluster 1.7.18 Release Notes (Security Update) Critical Elevation of Privilege None Base: 10.0
Temporal: 8.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Azure Arc-enabled Kubernetes cluster 1.8.11 Release Notes (Security Update) Critical Elevation of Privilege None Base: 10.0
Temporal: 8.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe
Azure Stack Edge Release Notes (Security Update) Critical Elevation of Privilege None Base: 10.0
Temporal: 8.7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37968 Mo Khan with Microsoft


Mo Khan with Microsoft

CVE-2022-38017 - StorSimple 8000 Series Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-38017
MITRE
NVD		 CVE Title: StorSimple 8000 Series Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 6.8/5.9
Base score metrics
Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Where can I find more information about StorSimple 8000 Series?

StorSimple 8000 series is a hybrid cloud storage solution. Please see StorSimple 8000 series for more information.


According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?

An unauthenticated attacker needs to physically connect to a vulnerable StorSimple appliance to gain privileges to exploit this vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-38017
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure StorSimple 8000 Series Release Notes (Security Update) Important Elevation of Privilege None Base: 6.8
Temporal: 5.9
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2022-38017 None

CVE-2022-37970 - Windows DWM Core Library Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37970
MITRE
NVD		 CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How could an attacker exploit this vulnerability?

This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an executable file that is attached to an email.


What type of privileges could an attacker gain through this vulnerability?

A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37970
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Important Elevation of Privilege 5017308
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Important Elevation of Privilege 5017308
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Important Elevation of Privilege 5017308
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Important Elevation of Privilege 5017321
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Important Elevation of Privilege 5017321
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Important Elevation of Privilege 5017316
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Important Elevation of Privilege 5017316
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37970 namnp with Viettel Cyber Security


Zhang WangJunJie, He YiSheng, Li WenYue, Zhu ZhiQuan with Hillstone Network Security Research Institute

CVE-2022-37971 - Microsoft Windows Defender Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37971
MITRE
NVD		 CVE Title: Microsoft Windows Defender Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.1/6.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.


According to the CVSS metrics, Confidentiality is None (C:N), and Integrity and Availability are High (I:H; A:H). What does this mean for this vulnerability?

This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.


References Identification
Last version of the MpSigStub.exe affected by this vulnerability 1.1.19600.3
First version of the MpSigStub.exe with this vulnerability addressed Version 1.1.19700.2

1. Why is no action required to install this update?

In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.

For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.

Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.

2, How often are the malware definitions updated?

Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.

Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.

3. What is the MpSigStub.exe?

MpSigStub.exe is a component that’s responsible for installing definition updates.

4. Does this update contain any additional security-related changes to functionality?

Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.

5. Where can I find more information about Microsoft antimalware technology?

For more information, visit the Microsoft Malware Protection Center website.

6. The definitions are not updating on my system. What do I do?

This security update is delivered only through definition updates. This cannot happen if Defender is in a disabled state (such as in the case of a third-party antivirus product providing real time protection). If Defender is disabled, you can delete the vulnerable file from the system: C:\WINDOWS\System32\MpSigStub.exe.

If Defender is re-enabled at a later time, MpSigStub.exe will be replaced only when updating signatures via Microsoft Update or WSUS. MpSigStub.exe will not be replaced via the standalone Mpam-fe.exe install or via UNC Path installs.

Suggested Actions

Verify that the update is installed

Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.

For more information on how to verify the version number for the Microsoft Malware Protection Engine that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.

If necessary, install the update

Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.

For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

End users that do not wish to wait can manually update their antimalware software.

For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37971
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Malware Protection Engine Release Notes (Security Update) Important Elevation of Privilege None Base: 7.1
Temporal: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
 No

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37971 Or Yair (@oryair1999) with SafeBreach Labs

CVE-2022-38034 - Windows Workstation Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-38034
MITRE
NVD		 CVE Title: Windows Workstation Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 4.3/3.8
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityLow
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges could an attacker gain?

An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-38034
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Important Elevation of Privilege 5017327 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Important Elevation of Privilege 5017327 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Important Elevation of Privilege 5017305 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Important Elevation of Privilege 5017305 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Important Elevation of Privilege 5017308
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Important Elevation of Privilege 5017308
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Important Elevation of Privilege 5017308
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Important Elevation of Privilege 5017321
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Important Elevation of Privilege 5017321
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Important Elevation of Privilege Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Important Elevation of Privilege Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Elevation of Privilege 5017361
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Elevation of Privilege 5017361
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Elevation of Privilege 5017367
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Elevation of Privilege 5017367
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Important Elevation of Privilege
5017367		 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Elevation of Privilege 5017358
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Elevation of Privilege 5017358
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Elevation of Privilege 5017358
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Elevation of Privilege 5017358
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Elevation of Privilege 5017361
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Elevation of Privilege 5017361
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Elevation of Privilege 5017370
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Elevation of Privilege 5017370
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Elevation of Privilege 5017367
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Elevation of Privilege 5017367
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Important Elevation of Privilege 5017305 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Important Elevation of Privilege 5017305 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Important Elevation of Privilege 5017316
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Important Elevation of Privilege 5017316
 Base: 4.3
Temporal: 3.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-38034 Stiv Kupchik with Akamai

CVE-2022-37986 - Windows Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37986
MITRE
NVD		 CVE Title: Windows Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of privileges could an attacker gain through this vulnerability?

An attacker could use this vulnerability to elevate privileges from Low Integrity Level in a contained ("sandboxed") excution environment to escalate to a Medium Integrity Level or a High Integrity Level. Please refer to https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation and https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control


Mitigations:
None
Workarounds:
None
Revision:
1.0    2022-10-11T07:00:00    

Information published.


 Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2022-37986
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5018425 (Security Update) Important Elevation of Privilege 5017327 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 for x64-based Systems 5018425 (Security Update) Important Elevation of Privilege 5017327 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for 32-bit Systems 5018411 (Security Update) Important Elevation of Privilege 5017305 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1607 for x64-based Systems 5018411 (Security Update) Important Elevation of Privilege 5017305 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for 32-bit Systems 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for ARM64-based Systems 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 1809 for x64-based Systems 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for 32-bit Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for ARM64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 20H2 for x64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for 32-bit Systems 5018410 (Security Update) Important Elevation of Privilege 5017308
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for ARM64-based Systems 5018410 (Security Update) Important Elevation of Privilege 5017308
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H1 for x64-based Systems 5018410 (Security Update) Important Elevation of Privilege 5017308
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for 32-bit Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for ARM64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 10 Version 21H2 for x64-based Systems 5018410 (Security Update) Important Elevation of Privilege
5017308		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for ARM64-based Systems 5018418 (Security Update) Important Elevation of Privilege 5017321
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 for x64-based Systems 5018418 (Security Update) Important Elevation of Privilege 5017321
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for ARM64-based Systems 5018427 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 11 Version 22H2 for x64-based Systems 5018427 (Security Update) Important Elevation of Privilege Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for 32-bit Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Elevation of Privilege 5017361
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 7 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Elevation of Privilege 5017361
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for 32-bit systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Elevation of Privilege 5017367
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows 8.1 for x64-based systems 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Elevation of Privilege 5017367
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows RT 8.1 5018474 (Monthly Rollup) Important Elevation of Privilege
5017367		 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Elevation of Privilege 5017358
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Elevation of Privilege 5017358
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Elevation of Privilege 5017358
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5018450 (Monthly Rollup)
5018446 (Security Only)		 Important Elevation of Privilege 5017358
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Elevation of Privilege 5017361
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5018454 (Monthly Rollup)
5018479 (Security Only)		 Important Elevation of Privilege 5017361
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Elevation of Privilege 5017370
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 (Server Core installation) 5018457 (Monthly Rollup)
5018478 (Security Only)		 Important Elevation of Privilege 5017370
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Elevation of Privilege 5017367
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2012 R2 (Server Core installation) 5018474 (Monthly Rollup)
5018476 (Security Only)		 Important Elevation of Privilege 5017367
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 5018411 (Security Update) Important Elevation of Privilege 5017305 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2016 (Server Core installation) 5018411 (Security Update) Important Elevation of Privilege 5017305 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2019 (Server Core installation) 5018419 (Security Update) Important Elevation of Privilege 5017315
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 5018421 (Security Update) Important Elevation of Privilege 5017316
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes
Windows Server 2022 (Server Core installation) 5018421 (Security Update) Important Elevation of Privilege 5017316
 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2022-37986 Marcin Wiazowski working with Trend Micro Zero Day Initiative

CVE-2022-37987 - Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2022-37987
MITRE
NVD		 CVE Title: Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.1 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged