Rewterz Threat Advisory – Multiple Microsoft Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-24526

Microsoft Visual Studio Code could allow a remote attacker to conduct spoofing attacks that impact confidentiality and integrity.

CVE-2022-24525

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Update Stack component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24522

Skype Extension for Chrome could allow a remote attacker to obtain sensitive information. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-24520

Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24471

Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24519

Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24518

Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24470

Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24517

Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24469

Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24468

Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24511

Microsoft Office Word is vulnerable to tampering. A local attacker could exploit this vulnerability to launch further attacks.

CVE-2022-24462

Microsoft Word could allow a remote attacker to bypass security restrictions. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass a security feature and impact confidentiality and availability.

CVE-2022-24510

Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24461

Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24509

Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24460

Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the Tablet Windows User Interface Application. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24508

Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in the SMBv3 Client/Server. By sending a specially-crafted SMB packet to a computer connected to an SMB Server, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24505

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the ALPC. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23297

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the NT LAN Manager Datagram Receiver Driver. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-23288

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DWM Core Library component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23287

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the ALPC. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23286

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Cloud Files Mini Filter Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23285

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Desktop Client component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23284

Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23283

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the ALPC. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23282

Microsoft Paint 3D could allow a local attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23281

Microsoft Windows could allow a local attacker to obtain sensitive information, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-23278

Microsoft Defender for Endpoint could allow a remote attacker to conduct spoofing attacks.

CVE-2022-23277

Microsoft Exchange Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23253

Microsoft Windows is vulnerable to a denial of service, caused by an error in the Point-to-Point Tunneling Protocol. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-21973

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Media Center Update. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-24467

Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24515

Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24465

Microsoft Intune Company Portal for iOS could allow a local authenticated attacker to bypass security restrictions. By executing a specially-crafted program, an attacker could exploit this vulnerability to bypass a security feature and impact confidentiality and integrity.

CVE-2022-24464

Microsoft ASP.NET Core and Visual Studio are vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-24512

Microsoft .NET Framework could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24463

Microsoft Exchange Server could allow a remote authenticated attacker to conduct spoofing attacks.

CVE-2022-24459

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fax and Scan Service component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24507

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Ancillary Function Driver for WinSock component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24506

Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24457

Microsoft HEIF Image Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24456

Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24455

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the CD-ROM Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24503

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Remote Desktop Protocol Client component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-24454

Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Security Support Provider Interface component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-24502

Microsoft Internet Explorer could allow a remote attacker to bypass security restrictions. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass a security feature and impact confidentiality.

CVE-2022-24501

Microsoft VP9 Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24453

Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24452

Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Desktop Client component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-24451

Microsoft VP9 Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22007

Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22006

Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23301

Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23300

Microsoft Raw Image Extension could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23299

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the PDEV component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23298

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the NT OS Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23296

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-23295

Microsoft Raw Image Extension could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23294

Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Event Tracing component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23293

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fast FAT File System Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Impact

  • Unauthorized Access
  • Privilege Escalation
  • Information Disclosure
  • Code Execution
  • Security Bypass
  • Denial of Service

Indicators of Compromise

CVE

CVE-2022-24526
CVE-2022-24525
CVE-2022-24522
CVE-2022-24520
CVE-2022-24471
CVE-2022-24519
CVE-2022-24518
CVE-2022-24470
CVE-2022-24517
CVE-2022-24469
CVE-2022-24468
CVE-2022-24511
CVE-2022-24462
CVE-2022-24510
CVE-2022-24461
CVE-2022-24509
CVE-2022-24460
CVE-2022-24508
CVE-2022-24505
CVE-2022-23297
CVE-2022-23288
CVE-2022-23287
CVE-2022-23286
CVE-2022-23285
CVE-2022-23284
CVE-2022-23283
CVE-2022-23282
CVE-2022-23281
CVE-2022-23278
CVE-2022-23277
CVE-2022-23253
CVE-2022-21973
CVE-2022-24467
CVE-2022-24515
CVE-2022-24465
CVE-2022-24464
CVE-2022-24512
CVE-2022-24463
CVE-2022-24459
CVE-2022-24507
CVE-2022-24506
CVE-2022-24457
CVE-2022-24456
CVE-2022-24455
CVE-2022-24503
CVE-2022-24454
CVE-2022-24502
CVE-2022-24501
CVE-2022-24453
CVE-2022-24452
CVE-2022-24451
CVE-2022-22007
CVE-2022-22006
CVE-2022-23301
CVE-2022-23300
CVE-2022-23299
CVE-2022-23298
CVE-2022-23296
CVE-2022-23295
CVE-2022-23294
CVE-2022-23293

Affected Vendors

Microsoft

Affected Products

Microsoft Visual Studio Code
Microsoft Windows 10 1909 for 32-bit Systems
Microsoft Windows 10 1909 for x64-based Systems
Microsoft Windows 10 1909 for ARM64-based Systems
Microsoft Windows 10 20H2 for 32-bit Systems
Microsoft Skype Extension for Chrome
Microsoft Azure Site Recovery
Microsoft Word 2013 SP1 x32
Microsoft Word 2013 SP1 x64
Microsoft Word 2013 SP1 RT
Microsoft Word 2016 x32
Microsoft Office 2019 x32
Microsoft Office 2019 x64
Microsoft 365 Apps for Enterprise x32
Microsoft 365 Apps for Enterprise x64
Microsoft Windows 10 x32
Microsoft Windows 10 x64
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows 10 20H2 for ARM64-based Systems
Microsoft Windows 10 20H2 for x64-based Systems
Microsoft Windows Server (Server Core installation) 20H2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2008 SP2 x32
Microsoft Windows 7 SP1 x32
Microsoft Windows 7 SP1 x64
Microsoft Windows 10 1809 for x64-based Systems
Microsoft Windows 10 1809 for 32-bit Systems
Microsoft Windows 10 1809 for ARM64-based Systems
Microsoft Windows Server 2008 R2 SP1 x64
Microsoft Windows 8.1 x32
Microsoft Windows 8.1 x64
Microsoft Paint 3D
Microsoft Defender for Endpoint for Linux
Microsoft Defender for Endpoint for Mac
Microsoft Defender for Endpoint for Windows
Microsoft Exchange Server 2016 CU21
Microsoft Exchange Server 2016 CU22
Microsoft Exchange Server 2019 CU10
Microsoft Exchange Server 2019 CU11
Microsoft .NET Core 3.1
Microsoft Visual Studio 2019 16.7
Microsoft Visual Studio 2019 16.9
Microsoft Visual Studio 2019 16.11
Microsoft HEVC Video Extensions
Microsoft Raw Image Extension

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or search the Microsoft Security Update Guide for the patches covering each of the following CVEs:

CVE-2022-24526
CVE-2022-24525
CVE-2022-24522
CVE-2022-24520
CVE-2022-24471
CVE-2022-24519
CVE-2022-24518
CVE-2022-24470
CVE-2022-24517
CVE-2022-24469
CVE-2022-24468
CVE-2022-24511
CVE-2022-24462
CVE-2022-24510
CVE-2022-24461
CVE-2022-24509
CVE-2022-24460
CVE-2022-24508
CVE-2022-24505
CVE-2022-23297
CVE-2022-23288
CVE-2022-23287
CVE-2022-23286
CVE-2022-23285
CVE-2022-23284
CVE-2022-23283
CVE-2022-23282
CVE-2022-23281
CVE-2022-23278
CVE-2022-23277
CVE-2022-23253
CVE-2022-21973
CVE-2022-24467
CVE-2022-24515
CVE-2022-24465
CVE-2022-24464
CVE-2022-24512
CVE-2022-24463
CVE-2022-24459
CVE-2022-24507
CVE-2022-24506
CVE-2022-24457
CVE-2022-24456
CVE-2022-24455
CVE-2022-24503
CVE-2022-24454
CVE-2022-24502
CVE-2022-24501
CVE-2022-24453
CVE-2022-24452
CVE-2022-24451
CVE-2022-22007
CVE-2022-22006
CVE-2022-23301
CVE-2022-23300
CVE-2022-23299
CVE-2022-23298
CVE-2022-23296
CVE-2022-23295
CVE-2022-23294
CVE-2022-23293