

Rewterz Threat Alert – Hive Ransomware – Active IOCs
July 18, 2022
Rewterz Threat Advisory – CVE-2022-22445 – IBM Security Bulletin Vulnerability
July 19, 2022
Severity
High
Analysis Summary
CVE-2022-30205 CVSS:6.6
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30203 CVSS:7.4
Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the Boot Manager component. An attacker could exploit this vulnerability to bypass security features and cause an impact on confidentiality, integrity and availability.
CVE-2022-30202 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22050 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fax Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22049 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client/Server Runtime Subsystem Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22047 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client/Server component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22045 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Windows.Devices.Picker.dll. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22043 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fast FAT File System Driver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22040 CVSS:7.3
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Internet Information Services Dynamic Compression Module. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-22039 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Network File System. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22038 CVSS:8.1
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22037 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22034 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22031 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Credential Guard Domain-joined Public Key. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22029 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Network File System. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22027 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Fax Service. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22026 CVSS:8.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client/Server Runtime Subsystem Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22025 CVSS:7.8
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Internet Information Services Cachuri Module component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-22024 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Fax Service. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22022 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30226 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30225 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Media Player Network Sharing Service component. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2022-30224 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30222 CVSS:8.4
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the Shell component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22028 CVSS:5.9
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Network File System. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-22023 CVSS:6.6
Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the Portable Device Enumerator Service. An attacker could exploit this vulnerability to bypass security features and cause an impact on confidentiality, integrity, and availability.
CVE-2022-30223 CVSS:5.7
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Hyper-V component. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-30221 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-30220 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30216 CVSS:8.8
Microsoft Windows is vulnerable to tampering, caused by a flaw in the Server Service component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to execute code on the system.
CVE-2022-30215 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Active Directory Federation Services component. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30214 CVSS:6.6
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the DNS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-30213 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the GDI+ component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-30212 CVSS:4.7
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Connected Devices Platform Service component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-30211 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Layer 2 Tunneling Protocol component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-30209 CVSS:7.4
Microsoft Windows Server could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the IIS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30208 CVSS:6.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Security Account Manager (SAM) component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-30206 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Privilege Escalation
- Security Bypass
- Denial of Service
- Code Execution
- Information Disclosure
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-30205
- CVE-2022-30203
- CVE-2022-30202
- CVE-2022-22050
- CVE-2022-22049
- CVE-2022-22047
- CVE-2022-22045
- CVE-2022-22043
- CVE-2022-22040
- CVE-2022-22039
- CVE-2022-22038
- CVE-2022-22037
- CVE-2022-22034
- CVE-2022-22031
- CVE-2022-22029
- CVE-2022-22027
- CVE-2022-22026
- CVE-2022-22025
- CVE-2022-22024
- CVE-2022-22022
- CVE-2022-30226
- CVE-2022-30225
- CVE-2022-30224
- CVE-2022-30222
- CVE-2022-22028
- CVE-2022-22023
- CVE-2022-30223
- CVE-2022-30221
- CVE-2022-30220
- CVE-2022-30216
- CVE-2022-30215
- CVE-2022-30214
- CVE-2022-30213
- CVE-2022-30212
- CVE-2022-30211
- CVE-2022-30209
- CVE-2022-30208
- CVE-2022-30206
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows 7 SP1 x32
- Microsoft Windows 7 SP1 x64
- Microsoft Windows Server 2012
- Microsoft Windows 8.1 x32
- Microsoft Windows 8.1 x64
- Microsoft Windows Server 2012 R2
- Microsoft Windows RT 8.1
- Microsoft Windows 10 x32
- Microsoft Windows 10 x64
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows 10 20H2 for 32-bit Systems
- Microsoft Windows 10 20H2 for ARM64-based Systems
- Microsoft Windows 10 20H2 for x64-based Systems
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 20H2
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows 10 21H1 for 32-bit Systems
- Microsoft Windows 10 21H1 for ARM64-based Systems
- Microsoft Windows 10 21H1 for x64-based Systems
- Microsoft Windows Server 2022
- Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 11 x64
- Microsoft Windows 11 ARM64
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.