• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – ICS: Siemens SIMATIC CP 442-1 and CP 443-1 RNA Vulnerability
May 11, 2022
Rewterz Threat Advisory – CVE-2022-29885 – Apache Tomcat Vulnerability
May 12, 2022

Rewterz Threat Advisory – Multiple Windows Vulnerabilties

May 11, 2022

Severity

High

Analysis Summary

CVE-2022-26927 CVSS:8.8


Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the GDI+ component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-26930 CVSS:5.5


Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Access Connection Manager component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-26931 CVSS:7.5


Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kerberos component. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-26932 CVSS:8.2


Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Cluster Shared Volume (CSV). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-26933 CVSS:5.5


Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Network File System. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-26934 CVSS:6.5


Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-26935 CVSS:.6.5


Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the WLAN AutoConfig Service. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-26936 CVSS:.6.5


Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Network File System. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-26938 CVSS:7


Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Cluster Shared Volume (CSV). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-26940 CVSS:6.5


Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Desktop Protocol Client. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-22011 CVSS:5.5


Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-22012 CVSS:9.8


Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the LDAP. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22013 CVSS:8.8


Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the LDAP. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22014 CVSS:8.8


Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the LDAP. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22015 CVSS:6.5


Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Desktop Protocol (RDP). By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-22016 CVSS:7


Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the PlayToManager. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-22017 CVSS:8.8


Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Desktop Client. By sending specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-29102 CVSS:5.5


Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Failover Cluster Automation Server. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-29103 CVSS:7.8


Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Remote Access Connection Manager. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-29104 CVSS:7.8


Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-29105 CVSS:7.8


Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media Foundation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-29106 CVSS:7


Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Hyper-V. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-29112 CVSS:6.5


Microsoft Windows could allow a network attacker to obtain sensitive information, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2022-29113 CVSS:7.8


Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Digital Media Receiver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2022-26925 CVSS:8.1 Exploit In The Wild


Microsoft Windows could allow a remote attacker to conduct spoofing attacks.

Impact

  • Code Execution
  • Information Disclosure
  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2022-26927
  • CVE-2022-26930
  • CVE-2022-26931
  • CVE-2022-26932
  • CVE-2022-26933
  • CVE-2022-26934
  • CVE-2022-26935
  • CVE-2022-26936
  • CVE-2022-26938
  • CVE-2022-26940
  • CVE-2022-22011
  • CVE-2022-22012
  • CVE-2022-22013
  • CVE-2022-22014
  • CVE-2022-22015
  • CVE-2022-22016
  • CVE-2022-22017
  • CVE-2022-29102
  • CVE-2022-29103
  • CVE-2022-29104
  • CVE-2022-29105
  • CVE-2022-29106
  • CVE-2022-29112
  • CVE-2022-29113
  • CVE-2022-2692

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows Server 2019
  • Microsoft Windows 10 1809 for x64-based Systems
  • Microsoft Windows 10 1809 for 32-bit Systems
  • Microsoft Windows 10 1809 for ARM64-based Systems
  • Microsoft Windows 7 SP1 x32
  • Microsoft Windows 7 SP1 x64
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1 x32
  • Microsoft Windows Server 2016
  • Microsoft Windows Server (Server Core installation) 2019
  • Microsoft Windows Server (Server Core installation) 20H2
  • Microsoft Windows Server 2022
  • Microsoft Windows Server (Server Core installation) 2022
  • Microsoft Windows 11 x64
  • Microsoft Windows 11 ARM64
  • Microsoft Windows 10 x32
  • Microsoft Windows 10 x64
  • Microsoft Windows Server 2008 SP2 x32

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

Microsoft Security TechCenter

CVE-2022-26927
CVE-2022-26930
CVE-2022-26931
CVE-2022-26932
CVE-2022-26933
CVE-2022-26934
CVE-2022-26935
CVE-2022-26936
CVE-2022-26938
CVE-2022-26940
CVE-2022-22011
CVE-2022-22012
CVE-2022-22013
CVE-2022-22014
CVE-2022-22015
CVE-2022-22016
CVE-2022-22017
CVE-2022-29102
CVE-2022-29103
CVE-2022-29104
CVE-2022-29105
CVE-2022-29106
CVE-2022-29112
CVE-2022-29113
CVE-2022-26925

  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.