Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023
Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Hive Ransomware – Active IOCs
July 18, 2022Rewterz Threat Advisory – CVE-2022-22445 – IBM Security Bulletin Vulnerability
July 19, 2022
Severity
High
Analysis Summary
CVE-2022-30205 CVSS:6.6
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30203 CVSS:7.4
Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in Boot Manager component. An attacker could exploit this vulnerability to bypass security features and cause an impact on confidentiality, integrity and availability.
CVE-2022-30202 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22050 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fax Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22049 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client/Server Runtime Subsystem Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22047 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client/Server component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22045 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Windows.Devices.Picker.dll. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22043 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Fast FAT File System Driver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22040 CVSS:7.3
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Internet Information Services Dynamic Compression Module. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-22039 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Network File System. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22038 CVSS:8.1
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Remote Procedure Call Runtime component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22037 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in Advanced Local Procedure Call component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22034 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22031 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Credential Guard Domain-joined Public Key. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22029 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Network File System. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22027 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Fax Service. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22026 CVSS:8.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Client/Server Runtime Subsystem Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22025 CVSS:7.8
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Internet Information Services Cachuri Module component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-22024 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Fax Service. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22022 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30226 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30225 CVSS:7.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Media Player Network Sharing Service component. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2022-30224 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30222 CVSS:8.4
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the Shell component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22028 CVSS:5.9
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Network File System. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-22023 CVSS:6.6
Microsoft Windows could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the Portable Device Enumerator Service. An attacker could exploit this vulnerability to bypass security features and cause an impact on confidentiality, integrity, and availability.
CVE-2022-30223 CVSS:5.7
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Hyper-V component. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-30221 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-30220 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30216 CVSS:8.8
Microsoft Windows is vulnerable to tampering, caused by a flaw in the Server Service component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to execute code on the system.
CVE-2022-30215 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Active Directory Federation Services component. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30214 CVSS:6.6
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the DNS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-30213 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the GDI+ component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-30212 CVSS:4.7
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Connected Devices Platform Service component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-30211 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Layer 2 Tunneling Protocol component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-30209 CVSS:7.4
Microsoft Windows Server could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the IIS Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-30208 CVSS:6.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Security Account Manager (SAM) component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-30206 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Privilege Escalation
- Security Bypass
- Denial of Service
- Code Execution
- Information Disclosure
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-30205
- CVE-2022-30203
- CVE-2022-30202
- CVE-2022-22050
- CVE-2022-22049
- CVE-2022-22047
- CVE-2022-22045
- CVE-2022-22043
- CVE-2022-22040
- CVE-2022-22039
- CVE-2022-22038
- CVE-2022-22037
- CVE-2022-22034
- CVE-2022-22031
- CVE-2022-22029
- CVE-2022-22027
- CVE-2022-22026
- CVE-2022-22025
- CVE-2022-22024
- CVE-2022-22022
- CVE-2022-30226
- CVE-2022-30225
- CVE-2022-30224
- CVE-2022-30222
- CVE-2022-22028
- CVE-2022-22023
- CVE-2022-30223
- CVE-2022-30221
- CVE-2022-30220
- CVE-2022-30216
- CVE-2022-30215
- CVE-2022-30214
- CVE-2022-30213
- CVE-2022-30212
- CVE-2022-30211
- CVE-2022-30209
- CVE-2022-30208
- CVE-2022-30206
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows 7 SP1 x32
- Microsoft Windows 7 SP1 x64
- Microsoft Windows Server 2012
- Microsoft Windows 8.1 x32
- Microsoft Windows 8.1 x64
- Microsoft Windows Server 2012 R2
- Microsoft Windows RT 8.1
- Microsoft Windows 10 x32
- Microsoft Windows 10 x64
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows 10 20H2 for 32-bit Systems
- Microsoft Windows 10 20H2 for ARM64-based Systems
- Microsoft Windows 10 20H2 for x64-based Systems
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 20H2
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows 10 21H1 for 32-bit Systems
- Microsoft Windows 10 21H1 for ARM64-based Systems
- Microsoft Windows 10 21H1 for x64-based Systems
- Microsoft Windows Server 2022
- Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 11 x64
- Microsoft Windows 11 ARM64
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
CVE-2022-30205
CVE-2022-30203
CVE-2022-30202
CVE-2022-22050
CVE-2022-22049
CVE-2022-22047
CVE-2022-22045
CVE-2022-22043
CVE-2022-22040
CVE-2022-22039
CVE-2022-22038
CVE-2022-22037
CVE-2022-22034
CVE-2022-22031
CVE-2022-22029
CVE-2022-22027
CVE-2022-22026
CVE-2022-22025
CVE-2022-22024
CVE-2022-22022
CVE-2022-30226
CVE-2022-30225
CVE-2022-30224
CVE-2022-30222
CVE-2022-22028
CVE-2022-22023
CVE-2022-30223
CVE-2022-30221
CVE-2022-30220
CVE-2022-30216
CVE-2022-30215
CVE-2022-30214
CVE-2022-30213
CVE-2022-30212
CVE-2022-30211
CVE-2022-30209
CVE-2022-30208
CVE-2022-30206