Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
February 9, 2022
Rewterz
Rewterz Threat Advisory – Multiple SAP Vulnerabilties
February 9, 2022

Rewterz Threat Advisory – Multiple Microsoft Vulnerabilities – Patch Tuesday

Severity

High

Analysis Summary

CVE-2022-23252

Microsoft Office could allow a local authenticated attacker to obtain sensitive information,. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-23255

Microsoft OneDrive for Android could allow a local authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality.

CVE-2022-23256

Microsoft Azure Data Explorer could allow a remote attacker to conduct spoofing attacks.

CVE-2022-22709

Microsoft VP9 Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23269

Microsoft Dynamics GP could allow a remote authenticated attacker to conduct spoofing attacks.

CVE-2022-23271

Microsoft Dynamics GP could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23272

Microsoft Dynamics GP could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23273

Microsoft Dynamics GP could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23274

Microsoft Dynamics GP could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23276

Microsoft SQL Server for Linux Containers could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23280

Microsoft Outlook for Mac could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality.

CVE-2022-22716

Microsoft Excel could allow a local authenticated attacker to obtain sensitive information,. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-22717

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22718

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-21984

Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the DNS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-21985

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Access Connection Manager component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-21986

Microsoft .Net is vulnerable to a denial of service, caused by a flaw in the Kestrel Web Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-21989

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-21991

Microsoft Visual Studio Code could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Development Extension component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-21992

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Mobile Device Management component. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-21993

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Services for NFS ONCRPC XDR Driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-21994

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DWM Core Library component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-21995

Microsoft Windows Hyper-V could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-21996

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-21997

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-21998

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-21999

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22000

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22001

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Remote Access Connection Manager component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22002

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the User Account Profile Picture component. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-22003

Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22004

Microsoft Office ClickToRun could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22005

Microsoft SharePoint Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Denial of Service
  • Information Disclosure
  • Security Bypass
  • Code Execution
  • Unauthorized Access
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2022-23252
  • CVE-2022-23255
  • CVE-2022-23256
  • CVE-2022-22709
  • CVE-2022-23269
  • CVE-2022-23271
  • CVE-2022-23272
  • CVE-2022-23273
  • CVE-2022-23274
  • CVE-2022-23276
  • CVE-2022-23280
  • CVE-2022-22716
  • CVE-2022-22717
  • CVE-2022-22718
  • CVE-2022-21984
  • CVE-2022-21985
  • CVE-2022-21986
  • CVE-2022-21989
  • CVE-2022-21991
  • CVE-2022-21992
  • CVE-2022-21993
  • CVE-2022-21994
  • CVE-2022-21995
  • CVE-2022-21996
  • CVE-2022-21997
  • CVE-2022-21998
  • CVE-2022-21999
  • CVE-2022-22000
  • CVE-2022-22001
  • CVE-2022-22002
  • CVE-2022-22003
  • CVE-2022-22004
  • CVE-2022-22005

Affected Vendors

Microsoft

Affected Products

  • Microsoft Office 2013 SP1 x32
  • Microsoft Office 2013 SP1 x64
  • Microsoft Office 2013 SP1 RT
  • Microsoft Office 2016 x32
  • Microsoft Office 2016 x64
  • Microsoft Office 2019 x32
  • Microsoft Office 2019 x64
  • Microsoft 365 Apps for Enterprise x32
  • Microsoft 365 Apps for Enterprise x64
  • Microsoft Office LTSC 2021 x32
  • Microsoft Office LTSC 2021 x64
  • Microsoft OneDrive for Android
  • Microsoft Azure Data Explorer
  • Microsoft VP9 Video Extensions
  • Microsoft Dynamics GP
  • Microsoft SQL Server 2019 for Linux Containers
  • Microsoft Excel 2013 SP1 x32
  • Microsoft Excel 2013 SP1 x64
  • Microsoft Excel 2013 SP1 RT
  • Microsoft Excel 2016 x32
  • Microsoft Windows 7 SP1 x32
  • Microsoft Windows 7 SP1 x64
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1 x32
  • Microsoft Windows 10 1909 for 32-bit Systems
  • Microsoft Windows 10 1909 for x64-based Systems
  • Microsoft Windows 10 1909 for ARM64-based Systems
  • Microsoft Windows 10 20H2 for 32-bit Systems
  • Microsoft Visual Studio 2019 16.0
  • Microsoft Visual Studio 2019 16.1
  • CONFIDENTIAL 7
  • Microsoft Visual Studio 2019 16.2
  • Microsoft Visual Studio 2019 16.4
  • Microsoft Visual Studio Code
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows 10 1809 for x64-based Systems
  • Microsoft Windows 10 1809 for 32-bit Systems
  • Microsoft Windows 8.1 x64
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 10 1809 for ARM64-based Systems
  • Microsoft Windows 10 x64
  • Microsoft Windows 11 x64
  • Microsoft Windows 11 ARM64
  • Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions
  • Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Enterprise Server 2013 SP1
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to
search for available patches.
CVE-2022-23252
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23252
CVE-2022-23255
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23255
CVE-2022-23256
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23256
CVE-2022-22709
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22709
CVE-2022-23269
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23269
CVE-2022-23271
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23271
CVE-2022-23272
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23272
CVE-2022-23273
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23273
CVE-2022-23274
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23274
CVE-2022-23276
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23276
CVE-2022-23280
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23276
CVE-2022-22716
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22716
CVE-2022-22717
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22717
CVE-2022-22718
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22718
CVE-2022-21984
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21984
CVE-2022-21985
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21985
CVE-2022-21986
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21986
CVE-2022-21989
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21989
CVE-2022-21991
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21991
CVE-2022-21992
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21992
CVE-2022-21993
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21993
CVE-2022-21994
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21994
CVE-2022-21995
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21995
CVE-2022-21996
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21996
CVE-2022-21997
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21997
CVE-2022-21998
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21998
CVE-2022-21999
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21999
CVE-2022-22000
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22000
CVE-2022-22001
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22001
CVE-2022-22002
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22002
CVE-2022-22003
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22003
CVE-2022-22004
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22004
CVE-2022-22005
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22005