CVE-2022-34729 |
Windows GDI Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
luckyu with NSFOCUS TIANYUAN LAB |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34729 |
secure@microsoft.com |
CVE-2022-35823 |
Microsoft SharePoint Remote Code Execution Vulnerability. |
2022-09-13 |
|
Eduardo Braun working with Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35823 |
secure@microsoft.com |
CVE-2022-35841 |
Windows Enterprise App Management Service Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 |
Ceri Coburn with Pen Test Partners |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35841 |
secure@microsoft.com |
CVE-2022-37964 |
Windows Kernel Elevation of Privilege Vulnerability. |
2022-09-13 |
6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 |
RyeLv (@b2ahex) |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37964 |
secure@microsoft.com |
CVE-2022-34718 |
Windows TCP/IP Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Quan Luo |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34718 |
secure@microsoft.com |
CVE-2022-35838 |
HTTP V3 Denial of Service Vulnerability. |
2022-09-13 |
10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 |
Jan Reilink |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35838 |
secure@microsoft.com |
CVE-2022-35830 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Andrew Flannery with Microsoft Offensive Research & Security Engineering Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35830 |
secure@microsoft.com |
CVE-2022-34731 |
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34731 |
secure@microsoft.com |
CVE-2022-30196 |
Windows Secure Channel Denial of Service Vulnerability. |
2022-09-13 |
10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 |
Polar Bear |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30196 |
secure@microsoft.com |
CVE-2022-34723 |
Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability. |
2022-09-13 |
10.0.22000.978 - KB5017328 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34723 |
secure@microsoft.com |
CVE-2022-35836 |
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35836 |
secure@microsoft.com |
CVE-2022-37969 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Quan Jin with DBAPPSecurity Zscaler ThreatLabz with Zscaler Genwei Jiang with Mandiant, FLARE OTF CrowdStrike |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969 |
secure@microsoft.com |
CVE-2022-35828 |
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability. |
2022-09-13 |
|
Mickey Jin with Trend Micro |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35828 |
secure@microsoft.com |
CVE-2022-37956 |
Windows Kernel Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Mateusz Jurczyk of Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37956 |
secure@microsoft.com |
CVE-2022-35832 |
Windows Event Tracing Denial of Service Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35832 |
secure@microsoft.com |
CVE-2022-26929 |
.NET Framework Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 3.5.04556.03 - KB5017501 3.5.09082.05 - KB5017498 3.5.09082.05 - KB5017501 4.8.04556.03 - KB5017497 4.8.04556.03 - KB5017499 4.8.04556.03 - KB5017500 4.8.1.09082.07 - KB5017497 4.8.1.09082.07 - KB5017497 4.8.1.09082.07 - KB5017499 4.8.1.09082.07 - KB5017499 4.8.1.09082.07 - KB5017500 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Eran Zimmerman Gonen with Accenture Security Israel |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26929 |
secure@microsoft.com |
CVE-2022-34725 |
Windows ALPC Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Jarvis_1oop of vulnerability research institute |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34725 |
secure@microsoft.com |
CVE-2022-35834 |
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35834 |
secure@microsoft.com |
CVE-2022-38019 |
AV1 Video Extension Remote Code Execution Vulnerability. |
2022-09-13 |
|
bugwhale |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38019 |
secure@microsoft.com |
CVE-2022-33647 |
Windows Kerberos Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
James Forshaw of Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33647 |
secure@microsoft.com |
CVE-2022-38005 |
Windows Print Spooler Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Bulat Zagartdinov with Group-IB |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38005 |
secure@microsoft.com |
CVE-2022-38006 |
Windows Graphics Component Information Disclosure Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Gábor Selján |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38006 |
secure@microsoft.com |
CVE-2022-35805 |
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. |
2022-09-13 |
|
Fabian Schmidt |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35805 |
secure@microsoft.com |
CVE-2022-35803 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
xi4oyu and Quan Jin with DBAPPSecurity WeBin Lab Mahendra Mishra of Microsoft's Windows Servicing and Delivery Group |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35803 |
secure@microsoft.com |
CVE-2022-38007 |
Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability. |
2022-09-13 |
|
Vladimir Abramzon with Microsoft Offensive Research Security Engineering |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38007 |
secure@microsoft.com |
CVE-2022-34721 |
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34721 |
secure@microsoft.com |
CVE-2022-37954 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 |
Anonymous working with Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37954 |
secure@microsoft.com |
CVE-2022-37962 |
Microsoft PowerPoint Remote Code Execution Vulnerability. |
2022-09-13 |
|
Anonymous working with Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37962 |
secure@microsoft.com |
CVE-2022-38020 |
Visual Studio Code Elevation of Privilege Vulnerability. |
2022-09-13 |
|
ycdxsb with VARAS@IIE |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38020 |
secure@microsoft.com |
CVE-2022-34728 |
Windows Graphics Component Information Disclosure Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Gábor Selján |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34728 |
secure@microsoft.com |
CVE-2022-30200 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
George Hughey of MSRC Vulnerabilities & Mitigations |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30200 |
secure@microsoft.com |
CVE-2022-35833 |
Windows Secure Channel Denial of Service Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Polar Bear |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35833 |
secure@microsoft.com |
CVE-2022-35831 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Microsoft Offensive Research & Security Engineering (MORSE) |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35831 |
secure@microsoft.com |
CVE-2022-34720 |
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34720 |
secure@microsoft.com |
CVE-2022-34734 |
Microsoft ODBC Driver Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34734 |
secure@microsoft.com |
CVE-2022-38013 |
.NET Core and Visual Studio Denial of Service Vulnerability. |
2022-09-13 |
|
Graham Esau with Vonage Graham Esau with Vonage |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013 |
secure@microsoft.com |
CVE-2022-34732 |
Microsoft ODBC Driver Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34732 |
secure@microsoft.com |
CVE-2022-38012 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. |
2022-09-13 |
|
yzh with KunLun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38012 |
secure@microsoft.com |
CVE-2022-34733 |
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34733 |
secure@microsoft.com |
CVE-2022-35840 |
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35840 |
secure@microsoft.com |
CVE-2022-37963 |
Microsoft Office Visio Remote Code Execution Vulnerability. |
2022-09-13 |
|
Hossein Lotfi of Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37963 |
secure@microsoft.com |
CVE-2022-38011 |
Raw Image Extension Remote Code Execution Vulnerability. |
2022-09-13 |
|
z0mbie |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38011 |
secure@microsoft.com |
CVE-2022-38009 |
Microsoft SharePoint Server Remote Code Execution Vulnerability. |
2022-09-13 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38009 |
secure@microsoft.com |
CVE-2022-38010 |
Microsoft Office Visio Remote Code Execution Vulnerability. |
2022-09-13 |
|
HAO LI of VenusTech ADLab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38010 |
secure@microsoft.com |
CVE-2022-37961 |
Microsoft SharePoint Server Remote Code Execution Vulnerability. |
2022-09-13 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37961 |
secure@microsoft.com |
CVE-2022-38008 |
Microsoft SharePoint Server Remote Code Execution Vulnerability. |
2022-09-13 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38008 |
secure@microsoft.com |
CVE-2022-37958 |
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37958 |
secure@microsoft.com |
CVE-2022-26928 |
Windows Photo Import API Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.22000.978 - KB5017328 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26928 |
secure@microsoft.com |
CVE-2022-34730 |
Microsoft ODBC Driver Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34730 |
secure@microsoft.com |
CVE-2022-34726 |
Microsoft ODBC Driver Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34726 |
secure@microsoft.com |
CVE-2022-34727 |
Microsoft ODBC Driver Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34727 |
secure@microsoft.com |
CVE-2022-37957 |
Windows Kernel Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.22000.978 - KB5017328 |
RyeLv (@b2ahex) |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37957 |
secure@microsoft.com |
CVE-2022-34719 |
Windows Distributed File System (DFS) Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Angelboy with DEVCORE |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34719 |
secure@microsoft.com |
CVE-2022-37955 |
Windows Group Policy Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Anonymous working with Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37955 |
secure@microsoft.com |
CVE-2022-35837 |
Windows Graphics Component Information Disclosure Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Gábor Selján |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35837 |
secure@microsoft.com |
CVE-2022-35835 |
Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Haifei Li with CyberKL Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35835 |
secure@microsoft.com |
CVE-2022-33679 |
Windows Kerberos Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
James Forshaw of Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33679 |
secure@microsoft.com |
CVE-2022-34722 |
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34722 |
secure@microsoft.com |
CVE-2022-38004 |
Windows Fax Service Remote Code Execution Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
George Hughey with MSRC Vulnerabilities and Mitigations |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38004 |
secure@microsoft.com |
CVE-2022-30170 |
Windows Credential Roaming Service Elevation of Privilege Vulnerability. |
2022-09-13 |
10.0.10240.19444 - KB5017327 10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.19042.2006 - KB5017308 10.0.19043.2006 - KB5017308 10.0.19044.2006 - KB5017308 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 10.0.22000.978 - KB5017328 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Thibault Van Geluwe de Berlaere with Mandiant |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30170 |
secure@microsoft.com |
CVE-2022-34724 |
Windows DNS Server Denial of Service Vulnerability. |
2022-09-13 |
10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 6.0.6003.21666 - KB5017358 6.0.6003.21666 - KB5017371 6.1.7601.26115 - KB5017361 6.1.7601.26115 - KB5017373 6.2.9200.23865 - KB5017370 6.2.9200.23865 - KB5017377 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34724 |
secure@microsoft.com |
CVE-2022-37959 |
Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability. |
2022-09-13 |
10.0.14393.5356 - KB5017305 10.0.17763.3406 - KB5017315 10.0.20348.1006 - KB5017316 10.0.20348.916 - KB5017392 6.3.9600.20571 - KB5017365 6.3.9600.20571 - KB5017367 |
Félix Martel-Denis |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37959 |
secure@microsoft.com |
CVE-2022-34700 |
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. |
2022-09-13 |
|
Fabian Schmidt |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34700 |
secure@microsoft.com |