Rewterz Threat Advisory – CVE-2022-38007 – Microsoft Azure Arc and Azure Guest Configuration Vulnerability
September 14, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
September 14, 2022Rewterz Threat Advisory – CVE-2022-38007 – Microsoft Azure Arc and Azure Guest Configuration Vulnerability
September 14, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
September 14, 2022Severity
High
Analysis Summary
CVE-2022-38010 CVSS:7.8
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-37963 CVSS:7.8
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2022-38010
- CVE-2022-37963
Affected Vendors
- Microsoft
Affected Products
- Microsoft Visio 2013 SP1 x32
- Microsoft Visio 2013 SP1 x64
- Microsoft Visio 2016 x32
- Microsoft Visio 2016 x64
- Microsoft 365 Apps for Enterprise x32
- Microsoft 365 Apps for Enterprise x64
- Microsoft Office for 32-bit editions 2019
- Microsoft Office for 64-bit editions 2019
- Microsoft Office LTSC 2021 x32
- Microsoft Office LTSC 2021 x64
- Microsoft Office 2019 x32
- Microsoft Office 2019 x64
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.