November 9, 2022
Severity
High
Analysis Summary
CVE-2022-37992 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Group Policy Preference Client component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2022-38014 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Subsystem for Linux kernel component. By winning a race condition, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2022-37966 CVSS:8.1
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Kerberos RC4-HMAC component. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain administrative privileges.
CVE-2022-41100 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call (ALPC) component. By winning a race condition, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41058 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Network Address Translation (NAT) component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-41101 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Overlay Filter component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41102 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Overlay Filter component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-38015 CVSS:6.5
Microsoft Windows Hyper-V is vulnerable to a denial of service. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-37967 CVSS:7.2
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kerberos component. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain administrative privileges.
CVE-2022-38023 CVSS:8.1
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Netlogon RPC. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2022-41039 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Tunneling Protocol. By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the RAS server machine.
CVE-2022-41086 CVSS:6.4
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Group Policy Preference Client component. By winning a race condition, an authenticated attacker could exploit this vulnerability to gain domain administrator privileges.
CVE-2022-41044 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Tunneling Protocol. By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the RAS server machine.
CVE-2022-41088 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Tunneling Protocol. By sending a specially-crafted PPTP packet to a PPTP server, an attacker could exploit this vulnerability to execute arbitrary code on the server side.
CVE-2022-41045 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call (ALPC) component. By winning a race condition, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41090 CVSS:5.9
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Point-to-Point Tunneling Protocol. By winning a race condition, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-41047 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the ODBC Driver component. By persuading a victim to connect to a malicious SQL server via ODBC, an attacker could exploit this vulnerability to execute arbitrary code on the victim’s machine with the permission level at which Access is running.
CVE-2022-41048 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the ODBC Driver component. By persuading a victim to connect to a malicious SQL server via ODBC, an attacker could exploit this vulnerability to execute arbitrary code on the victim’s machine with the permission level at which Access is running.
CVE-2022-41091 CVSS:5.4
Microsoft Windows could allow a remote attacker to bypass security restrictions, caused by a flaw in the Mark of the Web Security feature. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass security features.
CVE-2022-41092 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain limited SYSTEM privileges.
CVE-2022-41049 CVSS:5.4
Microsoft Windows could allow a remote attacker to bypass security restrictions, caused by a flaw in the Mark of the Web component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass security features.
CVE-2022-41093 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Advanced Local Procedure Call (ALPC) component. By winning a race condition, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41050 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Extensible File Allocation Table component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41052 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-41095 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Digital Media Receiver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41053 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Kerberos component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-41096 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DWM Core Library. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41054 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Resilient File System (ReFS) component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41097 CVSS:6.5
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Network Policy Server (NPS) RADIUS Protocol component. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from memory in the process heap and use this information to launch further attacks against the affected system.
CVE-2022-41055 CVSS:5.5
Microsoft .NET Framework could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Devices Human Interface component. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information from Kernel memory and use this information to launch further attacks against the affected system.
CVE-2022-41098 CVSS:5.5
Microsoft .NET Framework could allow a remote attacker to obtain sensitive information, caused by a flaw in the GDI+ component. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information from heap memory and use this information to launch further attacks against the affected system.
CVE-2022-41056 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Network Policy Server (NPS) RADIUS Protocol component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-41099 CVSS:4.6
Microsoft Windows could allow a local attacker to bypass security restrictions, caused by a flaw in the BitLocker component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass the BitLocker Device Encryption feature and access encrypted data.
CVE-2022-41057 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the HTTP.sys component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41060 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the HTTP.sys component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41109 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41113 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32 Kernel Subsystem component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2022-41114 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Bind Filter Driver component. By winning a race condition, an authenticated attacker could exploit this vulnerability to gain administrative privileges.
CVE-2022-41116 CVSS:5.9
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Point-to-Point Tunneling Protocol component. By winning a race condition, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-41073 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-41118 CVSS:7.5
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Scripting Languages component. By persuading a victim to visit a specially-crafted website, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-41120 CVSS:7.8
Microsoft Windows Sysmon could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-41125 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the CNG Key Isolation Service component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-41128 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Network Scripting Languages component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Privilege Escalation
- Denial of Service
- Code Execution
- Security Bypass
- Information Disclosure
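As an added example (not Rewterz's code), the following parses entries written in this advisory's "CVE-… CVSS:…" layout, assigns each one of the Impact categories above from its own wording, and orders them for patching by attacker preconditions and then score; the five-entry excerpt is constructed from the entries above and abridged.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed, abridged excerpt in the advisory's own layout: a "CVE-... CVSS:<score>"
# heading followed by a one-paragraph description (five of the entries listed above).
ADVISORY = """\
CVE-2022-37966 CVSS:8.1
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Kerberos RC4-HMAC component. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain administrative privileges.
CVE-2022-41088 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Point-to-Point Tunneling Protocol. By sending a specially-crafted PPTP packet to a PPTP server, an attacker could exploit this vulnerability.
CVE-2022-41128 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Network Scripting Languages component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability.
CVE-2022-41092 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability.
CVE-2022-41058 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Network Address Translation (NAT) component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability.
"""

# One entry = heading line "CVE-id CVSS:score" plus everything up to the next heading.
ENTRY_RE = re.compile(r"^(CVE-\d{4}-\d{4,}) CVSS:(\d+(?:\.\d+)?)\n(.+?)(?=^CVE-|\Z)", re.M | re.S)
# Buckets from the advisory's "Impact" list, keyed on its own phrasing; order matters because
# "execute arbitrary code with higher privileges" must count as privilege escalation.
IMPACTS = [("Privilege Escalation", "gain elevated privileges"),
           ("Code Execution", "execute arbitrary code"),
           ("Denial of Service", "denial of service"),
           ("Security Bypass", "bypass security restrictions"),
           ("Information Disclosure", "obtain sensitive information")]

@dataclass
class Finding:
    cve: str
    cvss: float
    component: str
    impact: str
    remote: bool            # no local access needed
    needs_auth: bool        # description says "authenticated attacker"
    user_interaction: bool  # description says "persuading a victim ..."
def parse_advisory(text):
    findings = []
    for cve, score, desc in ENTRY_RE.findall(text):
        desc = " ".join(desc.split())  # collapse wrapped lines into one sentence run
        m = re.search(r"flaw in the (.+?)(?: component)?[.,]", desc)
        findings.append(Finding(
            cve, float(score), m.group(1) if m else "unspecified",
            next((name for name, phrase in IMPACTS if phrase in desc), "Unknown"),
            remote="remote" in desc, needs_auth="authenticated" in desc,
            user_interaction="persuading a victim" in desc))
    return findings
def exposure(f):  # 0 = remote, unauthenticated, no user interaction; +1 per precondition
    return int(not f.remote) + int(f.needs_auth) + int(f.user_interaction)
def triage(findings):  # fewest preconditions first, then highest CVSS, then CVE id
    return sorted(findings, key=lambda f: (exposure(f), -f.cvss, f.cve))
def impact_counts(findings):  # same buckets as the advisory's "Impact" list
    return dict(Counter(f.impact for f in findings))
```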
Indicators Of Compromise
CVE
- CVE-2022-37992
- CVE-2022-38014
- CVE-2022-37966
- CVE-2022-41100
- CVE-2022-41058
- CVE-2022-41101
- CVE-2022-41102
- CVE-2022-38015
- CVE-2022-37967
- CVE-2022-38023
- CVE-2022-41039
- CVE-2022-41086
- CVE-2022-41044
- CVE-2022-41088
- CVE-2022-41045
- CVE-2022-41090
- CVE-2022-41047
- CVE-2022-41048
- CVE-2022-41091
- CVE-2022-41092
- CVE-2022-41049
- CVE-2022-41093
- CVE-2022-41050
- CVE-2022-41052
- CVE-2022-41095
- CVE-2022-41053
- CVE-2022-41096
- CVE-2022-41054
- CVE-2022-41097
- CVE-2022-41055
- CVE-2022-41098
- CVE-2022-41056
- CVE-2022-41099
- CVE-2022-41057
- CVE-2022-41060
- CVE-2022-41109
- CVE-2022-41113
- CVE-2022-41114
- CVE-2022-41116
- CVE-2022-41073
- CVE-2022-41118
- CVE-2022-41120
- CVE-2022-41125
- CVE-2022-41128
Affected Vendors
Microsoft
Affected Products
Microsoft Windows 7 SP1 x32
Microsoft Windows 7 SP1 x64
Microsoft Windows Server 2012
Microsoft Windows 8.1 x32
Microsoft Windows 8.1 x64
Microsoft Windows Server 2012 R2
Microsoft Windows RT 8.1
Microsoft Windows 10 x32
Microsoft Windows 10 x64
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows 10 1809 for x64-based Systems
Microsoft Windows 10 1809 for 32-bit Systems
Microsoft Windows 10 1809 for ARM64-based Systems
Microsoft Windows 10 1607 for 32-bit Systems
Microsoft Windows 10 1607 for x64-based Systems
Microsoft Windows 10 20H2 for 32-bit Systems
Microsoft Windows 10 20H2 for ARM64-based Systems
Microsoft Windows 10 20H2 for x64-based Systems
Microsoft Windows Server (Server Core installation) 2019
Microsoft Windows Server (Server Core installation) 2016
Microsoft Windows Server (Server Core installation) 2012 R2
Microsoft Windows Server (Server Core installation) 2012
Microsoft Windows Server for X64-based systems 2008 R2 SP1
Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
Microsoft Windows Server for 32-bit systems 2008 SP2
Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
Microsoft Windows 10 21H1 for 32-bit Systems
Microsoft Windows 10 21H1 for ARM64-based Systems
Microsoft Windows 10 21H1 for x64-based Systems
Microsoft Windows Server 2022
Microsoft Windows Server (Server Core installation) 2022
Microsoft Windows Server for X64-based systems 2008 SP2
Microsoft Windows 11 x64
Microsoft Windows 11 ARM64
Microsoft Windows 10 21H2 for 32-bit Systems
Microsoft Windows 10 21H2 for ARM64-based Systems
Microsoft Windows 10 21H2 for x64-based Systems
Microsoft Windows Server 2022 Azure Edition Core Hotpatch
Microsoft Windows 11 22H2 for ARM64-based Systems
Microsoft Windows 11 22H2 for x64-based Systems
Microsoft Windows 10 22H2 for 32-bit Systems
Microsoft Windows 10 22H2 for ARM64-based Systems
Microsoft Windows 10 22H2 for x64-based Systems
Microsoft Windows Server (Server Core installation) 22H2
Microsoft Windows Subsystem for Linux WSL 2
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
CVE-2022-37992
CVE-2022-38014
CVE-2022-37966
CVE-2022-41100
CVE-2022-41058
CVE-2022-41101
CVE-2022-41102
CVE-2022-38015
CVE-2022-37967
CVE-2022-38023
CVE-2022-41039
CVE-2022-41086
CVE-2022-41044
CVE-2022-41088
CVE-2022-41045
CVE-2022-41090
CVE-2022-41047
CVE-2022-41048
CVE-2022-41091
CVE-2022-41092
CVE-2022-41049
CVE-2022-41093
CVE-2022-41050
CVE-2022-41052
CVE-2022-41095
CVE-2022-41053
CVE-2022-41096
CVE-2022-41054
CVE-2022-41097
CVE-2022-41055
CVE-2022-41098
CVE-2022-41056
CVE-2022-41099
CVE-2022-41057
CVE-2022-41060
CVE-2022-41109
CVE-2022-41113
CVE-2022-41114
CVE-2022-41116
CVE-2022-41073
CVE-2022-41118
CVE-2022-41120
CVE-2022-41125
CVE-2022-41128