March 9, 2022
Severity
High
Analysis Summary
CVE-2022-24526
Microsoft Visual Studio Code could allow a remote attacker to conduct spoofing attacks to cause an impact on confidentiality and integrity.
CVE-2022-24525
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Update Stack component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24522
Skype Extension for Chrome could allow a remote attacker to obtain sensitive information. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2022-24520
Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24471
Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24519
Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24518
Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24470
Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24517
Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24469
Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24468
Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24511
Microsoft Office Word is vulnerable to tampering. A local attacker could exploit this vulnerability to launch further attacks.
CVE-2022-24462
Microsoft Word could allow a remote attacker to bypass security restrictions. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass a security feature, impacting confidentiality and availability.
CVE-2022-24510
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24461
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24509
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24460
Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the Tablet Windows User Interface Application. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24508
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in the SMBv3 Client/Server. By sending a specially-crafted SMB packet to a computer connected to an SMB Server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24505
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the ALPC. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23297
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the NT Lan Manager Datagram Receiver Driver. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2022-23288
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DWM Core Library component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23287
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the ALPC. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23286
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Cloud Files Mini Filter Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23285
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Desktop Client component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23284
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23283
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the ALPC. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23282
Microsoft Paint 3D could allow a local attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23281
Microsoft Windows could allow a local attacker to obtain sensitive information, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2022-23278
Microsoft Defender for Endpoint could allow a remote attacker to conduct spoofing attacks.
CVE-2022-23277
Microsoft Exchange Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23253
Microsoft Windows is vulnerable to a denial of service, caused by an error in the Point-to-Point Tunneling Protocol. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-21973
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Media Center Update. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-24467
Microsoft Azure Site Recovery could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24515
Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24465
Microsoft Intune Company Portal for iOS could allow a local authenticated attacker to bypass security restrictions. By executing a specially-crafted program, an attacker could exploit this vulnerability to bypass a security feature, impacting confidentiality and integrity.
CVE-2022-24464
Microsoft ASP.NET Core and Visual Studio are vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-24512
Microsoft .NET Framework could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24463
Microsoft Exchange Server could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2022-24459
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fax and Scan Service component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24507
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Ancillary Function Driver for WinSock component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24506
Microsoft Azure Site Recovery could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24457
Microsoft HEIF Image Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24456
Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24455
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the CD-ROM Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24503
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Remote Desktop Protocol Client component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2022-24454
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Security Support Provider Interface component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-24502
Microsoft Internet Explorer could allow a remote attacker to bypass security restrictions. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass a security feature, impacting confidentiality.
CVE-2022-24501
Microsoft VP9 Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24453
Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24452
Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Desktop Client component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-24451
Microsoft VP9 Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22007
Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22006
Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23301
Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23300
Microsoft Raw Image Extension could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23299
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the PDEV component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23298
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the NT OS Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23296
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-23295
Microsoft Raw Image Extension could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23294
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Event Tracing component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23293
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fast FAT File System Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Unauthorized Access
- Privilege Escalation
- Information Disclosure
- Code Execution
- Security Bypass
- Denial of Service
Indicators of Compromise
CVE
Affected Vendors
Microsoft
Affected Products
Microsoft Visual Studio Code
Microsoft Windows 10 1909 for 32-bit Systems
Microsoft Windows 10 1909 for x64-based Systems
Microsoft Windows 10 1909 for ARM64-based Systems
Microsoft Windows 10 20H2 for 32-bit Systems
Microsoft Skype Extension for Chrome
Microsoft Azure Site Recovery
Microsoft Word 2013 SP1 x32
Microsoft Word 2013 SP1 x64
Microsoft Word 2013 SP1 RT
Microsoft Word 2016 x32
Microsoft Office 2019 x32
Microsoft Office 2019 x64
Microsoft 365 Apps for Enterprise x32
Microsoft 365 Apps for Enterprise x64
Microsoft Windows 10 x32
Microsoft Windows 10 x64
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows 10 20H2 for ARM64-based Systems
Microsoft Windows 10 20H2 for x64-based Systems
Microsoft Windows Server (Server Core installation) 20H2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2008 SP2 x32
Microsoft Windows 7 SP1 x32
Microsoft Windows 7 SP1 x64
Microsoft Windows 10 1809 for x64-based Systems
Microsoft Windows 10 1809 for 32-bit Systems
Microsoft Windows 10 1809 for ARM64-based Systems
Microsoft Windows Server 2008 R2 SP1 x64
Microsoft Windows 8.1 x32
Microsoft Windows 8.1 x64
Microsoft Paint 3D
Microsoft Defender for Endpoint for Linux
Microsoft Defender for Endpoint for Mac
Microsoft Defender for Endpoint for Windows
Microsoft Exchange Server 2016 CU21
Microsoft Exchange Server 2016 CU22
Microsoft Exchange Server 2019 CU 10
Microsoft Exchange Server 2019 CU 11
Microsoft .NET Core 3.1
Microsoft Visual Studio 2019 16.7
Microsoft Visual Studio 2019 16.9
Microsoft Visual Studio 2019 16.11
Microsoft HEVC Video Extensions
Microsoft Raw Image Extension
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.