Rewterz Threat Advisory – ICS: Siemens SIMATIC CP 442-1 and CP 443-1 RNA Vulnerability
May 11, 2022Rewterz Threat Advisory – CVE-2022-29885 – Apache Tomcat Vulnerability
May 12, 2022Severity
High
Analysis Summary
CVE-2022-26927 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the GDI+ component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-26930 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Access Connection Manager component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-26931 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kerberos component. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26932 CVSS:8.2
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Cluster Shared Volume (CSV). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26933 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Network File System. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-26934 CVSS:6.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-26935 CVSS:.6.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the WLAN AutoConfig Service. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-26936 CVSS:.6.5
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Network File System. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-26938 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Cluster Shared Volume (CSV). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26940 CVSS:6.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Desktop Protocol Client. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-22011 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-22012 CVSS:9.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the LDAP. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22013 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the LDAP. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22014 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the LDAP. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22015 CVSS:6.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Desktop Protocol (RDP). By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-22016 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the PlayToManager. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-22017 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Remote Desktop Client. By sending specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-29102 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Failover Cluster Automation Server. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-29103 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Remote Access Connection Manager. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-29104 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-29105 CVSS:7.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media Foundation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-29106 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Hyper-V. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-29112 CVSS:6.5
Microsoft Windows could allow a network attacker to obtain sensitive information, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2022-29113 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Digital Media Receiver component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2022-26925 CVSS:8.1 Exploit In The Wild
Microsoft Windows could allow a remote attacker to conduct spoofing attacks.
Impact
- Code Execution
- Information Disclosure
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-26927
- CVE-2022-26930
- CVE-2022-26931
- CVE-2022-26932
- CVE-2022-26933
- CVE-2022-26934
- CVE-2022-26935
- CVE-2022-26936
- CVE-2022-26938
- CVE-2022-26940
- CVE-2022-22011
- CVE-2022-22012
- CVE-2022-22013
- CVE-2022-22014
- CVE-2022-22015
- CVE-2022-22016
- CVE-2022-22017
- CVE-2022-29102
- CVE-2022-29103
- CVE-2022-29104
- CVE-2022-29105
- CVE-2022-29106
- CVE-2022-29112
- CVE-2022-29113
- CVE-2022-2692
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 7 SP1 x32
- Microsoft Windows 7 SP1 x64
- Microsoft Windows Server 2012
- Microsoft Windows 8.1 x32
- Microsoft Windows Server 2016
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 20H2
- Microsoft Windows Server 2022
- Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows 11 x64
- Microsoft Windows 11 ARM64
- Microsoft Windows 10 x32
- Microsoft Windows 10 x64
- Microsoft Windows Server 2008 SP2 x32
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
CVE-2022-26927
CVE-2022-26930
CVE-2022-26931
CVE-2022-26932
CVE-2022-26933
CVE-2022-26934
CVE-2022-26935
CVE-2022-26936
CVE-2022-26938
CVE-2022-26940
CVE-2022-22011
CVE-2022-22012
CVE-2022-22013
CVE-2022-22014
CVE-2022-22015
CVE-2022-22016
CVE-2022-22017
CVE-2022-29102
CVE-2022-29103
CVE-2022-29104
CVE-2022-29105
CVE-2022-29106
CVE-2022-29112
CVE-2022-29113
CVE-2022-26925