March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
February 9, 2022
Rewterz Threat Advisory – Multiple SAP Vulnerabilties
February 9, 2022
Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
February 9, 2022
Rewterz Threat Advisory – Multiple SAP Vulnerabilties
February 9, 2022
Severity
High
Analysis Summary
CVE-2022-23252
Microsoft Office could allow a local authenticated attacker to obtain sensitive information,. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-23255
Microsoft OneDrive for Android could allow a local authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality.
CVE-2022-23256
Microsoft Azure Data Explorer could allow a remote attacker to conduct spoofing attacks.
CVE-2022-22709
Microsoft VP9 Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23269
Microsoft Dynamics GP could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2022-23271
Microsoft Dynamics GP could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23272
Microsoft Dynamics GP could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23273
Microsoft Dynamics GP could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23274
Microsoft Dynamics GP could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23276
Microsoft SQL Server for Linux Containers could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23280
Microsoft Outlook for Mac could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality.
CVE-2022-22716
Microsoft Excel could allow a local authenticated attacker to obtain sensitive information,. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-22717
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22718
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-21984
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the DNS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-21985
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Access Connection Manager component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-21986
Microsoft .Net is vulnerable to a denial of service, caused by a flaw in the Kestrel Web Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-21989
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-21991
Microsoft Visual Studio Code could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Development Extension component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-21992
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Mobile Device Management component. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-21993
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Services for NFS ONCRPC XDR Driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-21994
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DWM Core Library component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-21995
Microsoft Windows Hyper-V could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-21996
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-21997
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-21998
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-21999
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22000
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22001
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Remote Access Connection Manager component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22002
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the User Account Profile Picture component. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-22003
Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22004
Microsoft Office ClickToRun could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22005
Microsoft SharePoint Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Information Disclosure
- Security Bypass
- Code Execution
- Unauthorized Access
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2022-23252
- CVE-2022-23255
- CVE-2022-23256
- CVE-2022-22709
- CVE-2022-23269
- CVE-2022-23271
- CVE-2022-23272
- CVE-2022-23273
- CVE-2022-23274
- CVE-2022-23276
- CVE-2022-23280
- CVE-2022-22716
- CVE-2022-22717
- CVE-2022-22718
- CVE-2022-21984
- CVE-2022-21985
- CVE-2022-21986
- CVE-2022-21989
- CVE-2022-21991
- CVE-2022-21992
- CVE-2022-21993
- CVE-2022-21994
- CVE-2022-21995
- CVE-2022-21996
- CVE-2022-21997
- CVE-2022-21998
- CVE-2022-21999
- CVE-2022-22000
- CVE-2022-22001
- CVE-2022-22002
- CVE-2022-22003
- CVE-2022-22004
- CVE-2022-22005
Affected Vendors
Microsoft
Affected Products
- Microsoft Office 2013 SP1 x32
- Microsoft Office 2013 SP1 x64
- Microsoft Office 2013 SP1 RT
- Microsoft Office 2016 x32
- Microsoft Office 2016 x64
- Microsoft Office 2019 x32
- Microsoft Office 2019 x64
- Microsoft 365 Apps for Enterprise x32
- Microsoft 365 Apps for Enterprise x64
- Microsoft Office LTSC 2021 x32
- Microsoft Office LTSC 2021 x64
- Microsoft OneDrive for Android
- Microsoft Azure Data Explorer
- Microsoft VP9 Video Extensions
- Microsoft Dynamics GP
- Microsoft SQL Server 2019 for Linux Containers
- Microsoft Excel 2013 SP1 x32
- Microsoft Excel 2013 SP1 x64
- Microsoft Excel 2013 SP1 RT
- Microsoft Excel 2016 x32
- Microsoft Windows 7 SP1 x32
- Microsoft Windows 7 SP1 x64
- Microsoft Windows Server 2012
- Microsoft Windows 8.1 x32
- Microsoft Windows 10 1909 for 32-bit Systems
- Microsoft Windows 10 1909 for x64-based Systems
- Microsoft Windows 10 1909 for ARM64-based Systems
- Microsoft Windows 10 20H2 for 32-bit Systems
- Microsoft Visual Studio 2019 16.0
- Microsoft Visual Studio 2019 16.1
- CONFIDENTIAL 7
- Microsoft Visual Studio 2019 16.2
- Microsoft Visual Studio 2019 16.4
- Microsoft Visual Studio Code
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 8.1 x64
- Microsoft Windows Server 2012 R2
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 10 x64
- Microsoft Windows 11 x64
- Microsoft Windows 11 ARM64
- Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions
- Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Enterprise Server 2013 SP1
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to
search for available patches.
CVE-2022-23252
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23252
CVE-2022-23255
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23255
CVE-2022-23256
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23256
CVE-2022-22709
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22709
CVE-2022-23269
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23269
CVE-2022-23271
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23271
CVE-2022-23272
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23272
CVE-2022-23273
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23273
CVE-2022-23274
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23274
CVE-2022-23276
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23276
CVE-2022-23280
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23276
CVE-2022-22716
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22716
CVE-2022-22717
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22717
CVE-2022-22718
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22718
CVE-2022-21984
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21984
CVE-2022-21985
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21985
CVE-2022-21986
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21986
CVE-2022-21989
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21989
CVE-2022-21991
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21991
CVE-2022-21992
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21992
CVE-2022-21993
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21993
CVE-2022-21994
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21994
CVE-2022-21995
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21995
CVE-2022-21996
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21996
CVE-2022-21997
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21997
CVE-2022-21998
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21998
CVE-2022-21999
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-21999
CVE-2022-22000
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22000
CVE-2022-22001
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22001
CVE-2022-22002
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22002
CVE-2022-22003
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22003
CVE-2022-22004
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22004
CVE-2022-22005
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-22005