Rewterz Threat Advisory – Multiple Microsoft Windows Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-30205 CVSS:6.6
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-30203 CVSS:7.4
Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in Boot Manager component. An attacker could exploit this vulnerability to bypass security features and cause an impact on confidentiality, integrity and availability.

CVE-2022-30202 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22050 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fax Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22049 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client/Server Runtime Subsystem Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22047 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client/Server Runtime Subsystem (CSRSS). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges. Microsoft lists this vulnerability as exploited in the wild at the time of release, so it should be patched first.

CVE-2022-22045 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Windows.Devices.Picker.dll. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22043 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fast FAT File System Driver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22040 CVSS:7.3
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Internet Information Services Dynamic Compression Module. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-22039 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Network File System. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22038 CVSS:8.1
Microsoft Windows could allow a remote unauthenticated attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime component. By sending specially-crafted requests to an exposed RPC endpoint, an attacker could exploit this vulnerability to execute arbitrary code on the system. Exploitation is rated high complexity (repeated attempts are required), which is why the score is 8.1 rather than critical; no credentials are needed.

CVE-2022-22037 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22034 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22031 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Credential Guard Domain-joined Public Key. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22029 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Network File System. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22027 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Fax Service. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22026 CVSS:8.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client/Server Runtime Subsystem Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22025 CVSS:7.8
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Internet Information Services Cachuri Module component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-22024 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Fax Service. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22022 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-30226 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-30225 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Media Player Network Sharing Service component. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2022-30224 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-30222 CVSS:8.4
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the Shell component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22028 CVSS:5.9
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Network File System. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-22023 CVSS:6.6
Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the Portable Device Enumerator Service. An attacker could exploit this vulnerability to bypass security features and cause an impact on confidentiality, integrity, and availability.

CVE-2022-30223 CVSS:5.7
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Hyper-V component. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-30221 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-30220 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-30216 CVSS:8.8
Microsoft Windows is vulnerable to tampering, caused by a flaw in the Server Service component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to execute code on the system.

CVE-2022-30215 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Active Directory Federation Services component. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-30214 CVSS:6.6
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the DNS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-30213 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the GDI+ component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-30212 CVSS:4.7
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Connected Devices Platform Service component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-30211 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Layer 2 Tunneling Protocol component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-30209 CVSS:7.4
Microsoft Windows Server could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the IIS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-30208 CVSS:6.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Security Account Manager (SAM) component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-30206 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
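The CVSS scores above encode the attacker prerequisites that the summaries describe: with the same network vector, high complexity and full impact, 8.1 can only be reached when no privileges are required, while 7.5 is what the same vulnerability scores once it needs an authenticated user. The following PowerShell is an added example (not part of the Rewterz advisory) that implements the CVSS v3.1 base-score formula and uses it to check a few of the stated scores against vector strings. Those vector strings are the editor's reconstruction from the published scores, not Microsoft's published vectors; the authoritative vectors are in the Security Update Guide entry for each CVE.

```powershell
# Added example: CVSS v3.1 base-score calculator used to sanity-check the scores and
# attacker-prerequisite wording in this advisory. Not part of the original page.
# Metric weights are from the CVSS v3.1 specification (section 7.4).

$Weights = @{
    AV = @{ N = 0.85; A = 0.62; L = 0.55; P = 0.2 }
    AC = @{ L = 0.77; H = 0.44 }
    UI = @{ N = 0.85; R = 0.62 }
    C  = @{ H = 0.56; L = 0.22; N = 0.0 }
    I  = @{ H = 0.56; L = 0.22; N = 0.0 }
    A  = @{ H = 0.56; L = 0.22; N = 0.0 }
}
# Privileges Required weighs differently when Scope is Changed.
$PrUnchanged = @{ N = 0.85; L = 0.62; H = 0.27 }
$PrChanged   = @{ N = 0.85; L = 0.68; H = 0.5 }

function RoundUp1 {
    # CVSS v3.1 Roundup: smallest one-decimal value >= input, using the spec's
    # integer arithmetic (Appendix A) so floating-point drift cannot flip a score.
    param([double]$x)
    $i = [int][math]::Round($x * 100000)
    if ($i % 10000 -eq 0) { return $i / 100000.0 }
    return ([math]::Floor($i / 10000) + 1) / 10.0
}

function Get-Cvss31BaseScore {
    param([Parameter(Mandatory)][string]$Vector)  # e.g. 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'
    $m = @{}
    foreach ($part in ($Vector -split '/')) {
        if ($part -match '^(AV|AC|PR|UI|S|C|I|A):([A-Z])$') { $m[$Matches[1]] = $Matches[2] }
    }
    $changed = ($m.S -eq 'C')
    $pr      = if ($changed) { $PrChanged[$m.PR] } else { $PrUnchanged[$m.PR] }
    $iss     = 1 - ((1 - $Weights.C[$m.C]) * (1 - $Weights.I[$m.I]) * (1 - $Weights.A[$m.A]))
    $impact  = if ($changed) { 7.52 * ($iss - 0.029) - 3.25 * [math]::Pow($iss - 0.02, 15) } else { 6.42 * $iss }
    $exploit = 8.22 * $Weights.AV[$m.AV] * $Weights.AC[$m.AC] * $pr * $Weights.UI[$m.UI]
    if ($impact -le 0) { return 0.0 }
    if ($changed) { return RoundUp1 ([math]::Min(1.08 * ($impact + $exploit), 10)) }
    return RoundUp1 ([math]::Min($impact + $exploit, 10))
}

# Vectors below are reconstructed from the stated scores (assumption), not quoted from Microsoft.
$Checks = @(
    @{ CVE = 'CVE-2022-22038'; Stated = 8.1; Vector = 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H' }  # RPC Runtime RCE, no auth
    @{ CVE = 'CVE-2022-22039'; Stated = 7.5; Vector = 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H' }  # NFS RCE, authenticated
    @{ CVE = 'CVE-2022-22047'; Stated = 7.8; Vector = 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H' }  # typical local EoP
    @{ CVE = 'CVE-2022-22026'; Stated = 8.8; Vector = 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H' }  # local EoP, scope changed
    @{ CVE = 'CVE-2022-30224'; Stated = 7.0; Vector = 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H' }  # local EoP, high complexity
)

function Test-AdvisoryScores {
    foreach ($c in $Checks) {
        $computed = Get-Cvss31BaseScore -Vector $c.Vector
        [pscustomobject]@{
            CVE      = $c.CVE
            Stated   = $c.Stated
            Computed = $computed
            Match    = ($computed -eq $c.Stated)
        }
    }
}

Test-AdvisoryScores | Format-Table -AutoSize
```

Swapping PR:N for PR:L in the CVE-2022-22038 vector drops the computed score from 8.1 to 7.5, which is the check behind describing that RPC flaw as unauthenticated. The same calculator shows why a local privilege escalation can reach 8.8 (CVE-2022-22026): only a Scope: Changed vector gets there, so the flaw crosses a security boundary rather than just elevating within one.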

Impact

  • Privilege Escalation
  • Security Bypass
  • Denial of Service
  • Code Execution
  • Information Disclosure
  • Unauthorized Access

Indicators Of Compromise

CVE

  • CVE-2022-30205
  • CVE-2022-30203
  • CVE-2022-30202
  • CVE-2022-22050
  • CVE-2022-22049
  • CVE-2022-22047
  • CVE-2022-22045
  • CVE-2022-22043
  • CVE-2022-22040
  • CVE-2022-22039
  • CVE-2022-22038
  • CVE-2022-22037
  • CVE-2022-22034
  • CVE-2022-22031
  • CVE-2022-22029
  • CVE-2022-22027
  • CVE-2022-22026
  • CVE-2022-22025
  • CVE-2022-22024
  • CVE-2022-22022
  • CVE-2022-30226
  • CVE-2022-30225
  • CVE-2022-30224
  • CVE-2022-30222
  • CVE-2022-22028
  • CVE-2022-22023
  • CVE-2022-30223
  • CVE-2022-30221
  • CVE-2022-30220
  • CVE-2022-30216
  • CVE-2022-30215
  • CVE-2022-30214
  • CVE-2022-30213
  • CVE-2022-30212
  • CVE-2022-30211
  • CVE-2022-30209
  • CVE-2022-30208
  • CVE-2022-30206

Affected Vendors

  • Microsoft

Affected Products

  • Microsoft Windows 7 SP1 x32
  • Microsoft Windows 7 SP1 x64
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1 x32
  • Microsoft Windows 8.1 x64
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows RT 8.1
  • Microsoft Windows 10 x32
  • Microsoft Windows 10 x64
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows 10 1809 for x64-based Systems
  • Microsoft Windows 10 1809 for 32-bit Systems
  • Microsoft Windows 10 1809 for ARM64-based Systems
  • Microsoft Windows 10 1607 for 32-bit Systems
  • Microsoft Windows 10 1607 for x64-based Systems
  • Microsoft Windows 10 20H2 for 32-bit Systems
  • Microsoft Windows 10 20H2 for ARM64-based Systems
  • Microsoft Windows 10 20H2 for x64-based Systems
  • Microsoft Windows Server (Server Core installation) 2019
  • Microsoft Windows Server (Server Core installation) 20H2
  • Microsoft Windows Server (Server Core installation) 2016
  • Microsoft Windows Server (Server Core installation) 2012 R2
  • Microsoft Windows Server (Server Core installation) 2012
  • Microsoft Windows Server for X64-based systems 2008 R2 SP1
  • Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
  • Microsoft Windows Server for 32-bit systems 2008 SP2
  • Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
  • Microsoft Windows 10 21H1 for 32-bit Systems
  • Microsoft Windows 10 21H1 for ARM64-based Systems
  • Microsoft Windows 10 21H1 for x64-based Systems
  • Microsoft Windows Server 2022
  • Microsoft Windows Server (Server Core installation) 2022
  • Microsoft Windows Server for X64-based systems 2008 SP2
  • Microsoft Windows 11 x64
  • Microsoft Windows 11 ARM64
  • Microsoft Windows 10 21H2 for 32-bit Systems
  • Microsoft Windows 10 21H2 for ARM64-based Systems
  • Microsoft Windows 10 21H2 for x64-based Systems

Remediation

Apply the July 2022 security updates through Windows Update / Microsoft Automatic Update, or look up the update for your OS build in the Microsoft Security Update Guide (https://msrc.microsoft.com/update-guide). Prioritise CVE-2022-22047, which Microsoft lists as exploited in the wild, followed by remotely reachable services (RPC Runtime, NFS, IIS, L2TP, AD FS, DNS Server, Server Service). Where the Print Spooler, Fax Service, or Server for NFS are not needed, disabling them removes the attack surface for the corresponding CVEs until the update is installed.

Security Update Guide entries for the CVEs covered by this advisory:

  • CVE-2022-30205
  • CVE-2022-30203
  • CVE-2022-30202
  • CVE-2022-22050
  • CVE-2022-22049
  • CVE-2022-22047
  • CVE-2022-22045
  • CVE-2022-22043
  • CVE-2022-22040
  • CVE-2022-22039
  • CVE-2022-22038
  • CVE-2022-22037
  • CVE-2022-22034
  • CVE-2022-22031
  • CVE-2022-22029
  • CVE-2022-22027
  • CVE-2022-22026
  • CVE-2022-22025
  • CVE-2022-22024
  • CVE-2022-22022
  • CVE-2022-30226
  • CVE-2022-30225
  • CVE-2022-30224
  • CVE-2022-30222
  • CVE-2022-22028
  • CVE-2022-22023
  • CVE-2022-30223
  • CVE-2022-30221
  • CVE-2022-30220
  • CVE-2022-30216
  • CVE-2022-30215
  • CVE-2022-30214
  • CVE-2022-30213
  • CVE-2022-30212
  • CVE-2022-30211
  • CVE-2022-30209
  • CVE-2022-30208
  • CVE-2022-30206
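Before the update lands, the practical question on each host is which of the components named in this advisory are actually present and running, and afterwards whether the expected cumulative update is installed. The PowerShell below is an added example (not Rewterz's or Microsoft's code) that answers both. The service short names are the standard Windows names for the components listed above; the KB number is not hardcoded because it differs per OS build, so the operator passes the one the Security Update Guide gives for their build (`-ExpectedKB` is this script's own parameter, an assumption of the example).

```powershell
# Added example: exposure triage for the components in this advisory, plus a check that
# the operator-supplied cumulative update KB is installed. Not part of the original advisory.
# Run in an elevated PowerShell session on the host being assessed.

param(
    # KB article number(s) of the July 2022 cumulative update for THIS host's build, taken
    # from the Security Update Guide, e.g. -ExpectedKB 'KB5015xxx'. Not hardcoded on purpose.
    [string[]]$ExpectedKB = @()
)

# Advisory component -> Windows service short name. An absent or stopped service is not a
# fix, but it tells you which CVEs are reachable on this host right now.
$Components = [ordered]@{
    'Print Spooler (CVE-2022-22022, -30206, -30226)'              = 'Spooler'
    'Fax Service (CVE-2022-22024, -22027, -22050)'                 = 'Fax'
    'Server for NFS (CVE-2022-22028, -22029, -22039)'              = 'NfsService'
    'IIS (CVE-2022-22025, -22040, -30209)'                         = 'W3SVC'
    'Windows Media Player Network Sharing (CVE-2022-30225)'        = 'WMPNetworkSvc'
    'AD FS (CVE-2022-30215)'                                       = 'adfssrv'
    'DNS Server (CVE-2022-30214)'                                  = 'DNS'
    'Hyper-V Virtual Machine Management (CVE-2022-30223)'          = 'vmms'
    'Server Service / SMB (CVE-2022-30216)'                        = 'LanmanServer'
    'Portable Device Enumerator (CVE-2022-22023)'                  = 'WPDBusEnum'
    'Connected Devices Platform (CVE-2022-30212)'                  = 'CDPSvc'
}

function Get-AdvisoryExposure {
    # One row per component: installed?, current state, start type.
    foreach ($entry in $Components.GetEnumerator()) {
        $svc = Get-Service -Name $entry.Value -ErrorAction SilentlyContinue
        $status    = if ($svc) { $svc.Status.ToString() }    else { 'not installed' }
        $startType = if ($svc) { $svc.StartType.ToString() } else { '-' }
        [pscustomobject]@{
            Component = $entry.Key
            Service   = $entry.Value
            Installed = [bool]$svc
            Status    = $status
            StartType = $startType
        }
    }
}

function Test-ExpectedUpdate {
    # Compares the operator-supplied KB list with what Get-HotFix reports as installed.
    param([string[]]$KB)
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($k in $KB) {
        [pscustomobject]@{ KB = $k; Installed = ($installed -contains $k) }
    }
}

$os = Get-CimInstance Win32_OperatingSystem
'{0} build {1}' -f $os.Caption, $os.BuildNumber
Get-AdvisoryExposure | Format-Table -AutoSize
if ($ExpectedKB.Count -gt 0) {
    Test-ExpectedUpdate -KB $ExpectedKB | Format-Table -AutoSize
}
```

Rows showing a running service map directly to the CVEs in parentheses; a running Spooler on a server that never prints, or a Fax service on a workstation, is a candidate for `Stop-Service` and `Set-Service -StartupType Disabled` while the update is rolled out. Components that are always present (RPC Runtime, ALPC, CSRSS, CLFS, the Graphics component) are intentionally not in the table: nothing short of the update addresses those.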