CVE-2022-34302 |
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. |
2022-08-26 |
1.002 - KB5012170 10.0.14393.5285 - KB5012170 10.0.17763.3284 - KB5012170 10.0.19042.1880 - KB5012170 10.0.19042.1889 - KB5016616 10.0.19043.1880 - KB5012170 10.0.19044.1880 - KB5012170 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 V1.002 - KB5012170 V1.003 - KB5012170 |
Mickey Shkatov and Jesse Michael with Eclypsium |
https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.kb.cert.org/vuls/id/309662 |
cve@mitre.org |
CVE-2022-34303 |
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. |
2022-08-26 |
1.002 - KB5012170 10.0.14393.5285 - KB5012170 10.0.17763.3284 - KB5012170 10.0.19042.1880 - KB5012170 10.0.19042.1889 - KB5016616 10.0.19043.1880 - KB5012170 10.0.19044.1880 - KB5012170 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 V1.002 - KB5012170 V1.003 - KB5012170 |
|
https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.kb.cert.org/vuls/id/309662 |
cve@mitre.org |
CVE-2022-34301 |
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. |
2022-08-26 |
1.002 - KB5012170 10.0.14393.5285 - KB5012170 10.0.17763.3284 - KB5012170 10.0.19042.1880 - KB5012170 10.0.19042.1889 - KB5016616 10.0.19043.1880 - KB5012170 10.0.19044.1880 - KB5012170 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 V1.002 - KB5012170 V1.003 - KB5012170 |
|
https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.kb.cert.org/vuls/id/309662 |
cve@mitre.org |
CVE-2022-2622 |
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. |
2022-08-12 |
|
|
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1332392 https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2603 |
Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
2022-08-12 |
|
|
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1325699 https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2617 |
Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. |
2022-08-12 |
|
|
https://crbug.com/1292451 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2616 |
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. |
2022-08-12 |
|
|
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1302159 https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2618 |
Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . |
2022-08-12 |
|
|
https://crbug.com/1308422 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2604 |
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
2022-08-12 |
|
|
https://crbug.com/1335316 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2615 |
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
2022-08-12 |
|
|
https://crbug.com/1268580 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2623 |
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. |
2022-08-12 |
|
|
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1337798 https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2612 |
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. |
2022-08-12 |
|
|
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1321350 https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2624 |
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. |
2022-08-12 |
|
|
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1339745 https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2619 |
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. |
2022-08-12 |
|
|
https://crbug.com/1332881 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2605 |
Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
2022-08-12 |
|
|
https://crbug.com/1338470 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2611 |
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
2022-08-12 |
|
|
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1320538 https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2621 |
Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. |
2022-08-12 |
|
|
https://crbug.com/1323449 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2606 |
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. |
2022-08-12 |
|
|
https://crbug.com/1330489 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2610 |
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
2022-08-12 |
|
|
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1278255 https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-2614 |
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
2022-08-12 |
|
|
https://crbug.com/1341907 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://security.gentoo.org/glsa/202208-35 |
chrome-cve-admin@google.com |
CVE-2022-30133 |
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Azure Yang with Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30133 |
secure@microsoft.com |
CVE-2022-34713 |
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Imre Rad |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34713 |
secure@microsoft.com |
CVE-2022-35787 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
William Söderberg with WithSecure |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35787 |
secure@microsoft.com |
CVE-2022-35772 |
Azure Site Recovery Remote Code Execution Vulnerability. |
2022-08-09 |
|
William Söderberg with WithSecure |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35772 |
secure@microsoft.com |
CVE-2022-33648 |
Microsoft Excel Remote Code Execution Vulnerability. |
2022-08-09 |
|
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33648 |
secure@microsoft.com |
CVE-2022-35762 |
Storage Spaces Direct Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35762 |
secure@microsoft.com |
CVE-2022-35790 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35790 |
secure@microsoft.com |
CVE-2022-35824 |
Azure Site Recovery Remote Code Execution Vulnerability. |
2022-08-09 |
|
William Söderberg with WithSecure |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35824 |
secure@microsoft.com |
CVE-2022-35764 |
Storage Spaces Direct Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35764 |
secure@microsoft.com |
CVE-2022-35789 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35789 |
secure@microsoft.com |
CVE-2022-34714 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34714 |
secure@microsoft.com |
CVE-2022-35811 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35811 |
secure@microsoft.com |
CVE-2022-35816 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35816 |
secure@microsoft.com |
CVE-2022-34706 |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
bee13oy with Cyber Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34706 |
secure@microsoft.com |
CVE-2022-35777 |
Visual Studio Remote Code Execution Vulnerability. |
2022-08-09 |
14.0.27552.0 - KB5016316 |
HAO LI of VenusTech ADLab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35777 |
secure@microsoft.com |
CVE-2022-30134 |
Microsoft Exchange Information Disclosure Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30134 |
secure@microsoft.com |
CVE-2022-24516 |
Microsoft Exchange Server Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Tianze Ding(@D1iv3) with Tencent Security Xuanwu Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24516 |
secure@microsoft.com |
CVE-2022-35801 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35801 |
secure@microsoft.com |
CVE-2022-35827 |
Visual Studio Remote Code Execution Vulnerability. |
2022-08-09 |
14.0.27552.0 - KB5016316 |
HAO LI of VenusTech ADLab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35827 |
secure@microsoft.com |
CVE-2022-35761 |
Windows Kernel Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
b2ahex |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35761 |
secure@microsoft.com |
CVE-2022-35804 |
SMB Client and Server Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.22621.856 - KB5016629 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35804 |
secure@microsoft.com |
CVE-2022-30144 |
Windows Bluetooth Service Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.22621.856 - KB5016629 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Fernando Perera with LAYAKK Jose Pico with LAYAKK |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30144 |
secure@microsoft.com |
CVE-2022-35810 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35810 |
secure@microsoft.com |
CVE-2022-35786 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35786 |
secure@microsoft.com |
CVE-2022-34717 |
Microsoft Office Remote Code Execution Vulnerability. |
2022-08-09 |
|
Eduardo Braun Prado |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34717 |
secure@microsoft.com |
CVE-2022-35819 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35819 |
secure@microsoft.com |
CVE-2022-30175 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. |
2022-08-09 |
|
HP of Cyber Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30175 |
secure@microsoft.com |
CVE-2022-35818 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35818 |
secure@microsoft.com |
CVE-2022-35763 |
Storage Spaces Direct Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35763 |
secure@microsoft.com |
CVE-2022-30197 |
Windows Kernel Information Disclosure Vulnerability. |
2022-08-09 |
10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
Jarvis_1oop of vulnerability research institute |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30197 |
secure@microsoft.com |
CVE-2022-35776 |
Azure Site Recovery Denial of Service Vulnerability. |
2022-08-09 |
|
William Söderberg with WithSecure |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35776 |
secure@microsoft.com |
CVE-2022-33670 |
Windows Partition Management Driver Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
vinhthp1712 working with Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33670 |
secure@microsoft.com |
CVE-2022-35807 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35807 |
secure@microsoft.com |
CVE-2022-35817 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35817 |
secure@microsoft.com |
CVE-2022-35767 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35767 |
secure@microsoft.com |
CVE-2022-35795 |
Windows Error Reporting Service Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35795 |
secure@microsoft.com |
CVE-2022-35797 |
Windows Hello Security Feature Bypass Vulnerability. |
2022-08-09 |
10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.22621.856 - KB5016629 |
Jason Martinsen |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35797 |
secure@microsoft.com |
CVE-2022-35771 |
Windows Defender Credential Guard Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
James Forshaw with Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35771 |
secure@microsoft.com |
CVE-2022-35809 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35809 |
secure@microsoft.com |
CVE-2022-34705 |
Windows Defender Credential Guard Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
James Forshaw with Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34705 |
secure@microsoft.com |
CVE-2022-34704 |
Windows Defender Credential Guard Information Disclosure Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
James Forshaw of Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34704 |
secure@microsoft.com |
CVE-2022-35808 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
William Söderberg with WithSecure |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35808 |
secure@microsoft.com |
CVE-2022-33636 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. |
2022-08-09 |
|
koocola |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33636 https://security.gentoo.org/glsa/202208-35 |
secure@microsoft.com |
CVE-2022-33649 |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. |
2022-08-09 |
|
jinmo123 with Theori |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33649 https://security.gentoo.org/glsa/202208-35 |
secure@microsoft.com |
CVE-2022-35796 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. |
2022-08-09 |
|
koocola |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35796 https://security.gentoo.org/glsa/202208-35 |
secure@microsoft.com |
CVE-2022-30176 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. |
2022-08-09 |
|
HP of Cyber Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30176 |
secure@microsoft.com |
CVE-2022-35812 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35812 |
secure@microsoft.com |
CVE-2022-35774 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35774 |
secure@microsoft.com |
CVE-2022-35775 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35775 |
secure@microsoft.com |
CVE-2022-35785 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35785 |
secure@microsoft.com |
CVE-2022-34712 |
Windows Defender Credential Guard Information Disclosure Vulnerability. |
2022-08-09 |
10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
James Forshaw with Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34712 |
secure@microsoft.com |
CVE-2022-35773 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. |
2022-08-09 |
|
HP of Cyber Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35773 |
secure@microsoft.com |
CVE-2022-34701 |
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34701 |
secure@microsoft.com |
CVE-2022-35806 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. |
2022-08-09 |
|
bee13oy with Cyber Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35806 |
secure@microsoft.com |
CVE-2022-35799 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35799 |
secure@microsoft.com |
CVE-2022-21980 |
Microsoft Exchange Server Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Tianze Ding (@D1iv3) with Tencent Xuanwu Lab Yuhao Weng with Sangfor Zhiniang Peng with Sangfor |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21980 |
secure@microsoft.com |
CVE-2022-35780 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35780 |
secure@microsoft.com |
CVE-2022-34702 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34702 |
secure@microsoft.com |
CVE-2022-35825 |
Visual Studio Remote Code Execution Vulnerability. |
2022-08-09 |
14.0.27552.0 - KB5016316 |
HAO LI of VenusTech ADLab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35825 |
secure@microsoft.com |
CVE-2022-35779 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. |
2022-08-09 |
|
HP of Cyber Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35779 |
secure@microsoft.com |
CVE-2022-35769 |
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35769 |
secure@microsoft.com |
CVE-2022-35793 |
Windows Print Spooler Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Xuefeng Li with Sangfor |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35793 |
secure@microsoft.com |
CVE-2022-35760 |
Microsoft ATA Port Driver Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
George Hughey with MSRC Vulnerabilities and Mitigations |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35760 |
secure@microsoft.com |
CVE-2022-34687 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. |
2022-08-09 |
|
bee13oy with Cyber Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34687 |
secure@microsoft.com |
CVE-2022-34690 |
Windows Fax Service Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Xuefeng Li with Sangfor Zhiniang Peng with Sangfor |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34690 |
secure@microsoft.com |
CVE-2022-34716 |
.NET Spoofing Vulnerability. |
2022-08-09 |
3.1.28 - KB5016987 6.0.8 - KB5016990 |
Felix Wilhelm of Google Project Zero None |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716 |
secure@microsoft.com |
CVE-2022-34696 |
Windows Hyper-V Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
PETER HLAVATY with Fruit your Game |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34696 |
secure@microsoft.com |
CVE-2022-35813 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35813 |
secure@microsoft.com |
CVE-2022-35791 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35791 |
secure@microsoft.com |
CVE-2022-34710 |
Windows Defender Credential Guard Information Disclosure Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
James Forshaw with Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34710 |
secure@microsoft.com |
CVE-2022-35783 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35783 |
secure@microsoft.com |
CVE-2022-35792 |
Storage Spaces Direct Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35792 |
secure@microsoft.com |
CVE-2022-33646 |
Azure Batch Node Agent Elevation of Privilege Vulnerability. |
2022-08-09 |
|
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33646 |
secure@microsoft.com |
CVE-2022-34707 |
Windows Kernel Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Mateusz Jurczyk of Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34707 |
secure@microsoft.com |
CVE-2022-34686 |
Azure RTOS GUIX Studio Information Disclosure Vulnerability. |
2022-08-09 |
|
HP of Cyber Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34686 |
secure@microsoft.com |
CVE-2022-34691 |
Active Directory Domain Services Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
k0shl with Kunlun Lab Zoltan Harmath of Microsoft |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34691 |
secure@microsoft.com |
CVE-2022-35815 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35815 |
secure@microsoft.com |
CVE-2022-35826 |
Visual Studio Remote Code Execution Vulnerability. |
2022-08-09 |
14.0.27552.0 - KB5016316 |
HAO LI of VenusTech ADLab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35826 |
secure@microsoft.com |
CVE-2022-35781 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35781 |
secure@microsoft.com |
CVE-2022-34703 |
Windows Partition Management Driver Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
nhiadt12 from Viettel Cyber Security working with Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34703 |
secure@microsoft.com |
CVE-2022-34685 |
Azure RTOS GUIX Studio Information Disclosure Vulnerability. |
2022-08-09 |
|
HP of Cyber Kunlun Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34685 |
secure@microsoft.com |
CVE-2022-35768 |
Windows Kernel Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Mateusz Jurczyk of Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35768 |
secure@microsoft.com |
CVE-2022-30194 |
Windows WebBrowser Control Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Eduardo Braun Prado working with Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30194 |
secure@microsoft.com |
CVE-2022-35794 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35794 |
secure@microsoft.com |
CVE-2022-34709 |
Windows Defender Credential Guard Security Feature Bypass Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
James Forshaw with Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34709 |
secure@microsoft.com |
CVE-2022-35766 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
Yuki Chen with Cyber KunLun |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35766 |
secure@microsoft.com |
CVE-2022-35814 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35814 |
secure@microsoft.com |
CVE-2022-24477 |
Microsoft Exchange Server Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Tianze Ding (@D1iv3) with Tencent Security Xuanwu Lab |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24477 |
secure@microsoft.com |
CVE-2022-35820 |
Windows Bluetooth Driver Elevation of Privilege Vulnerability. |
2022-08-09 |
1.002 - KB5012170 10.0.14393.5285 - KB5012170 10.0.17763.3284 - KB5012170 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
T0 working with Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35820 |
secure@microsoft.com |
CVE-2022-34715 |
Windows Network File System Remote Code Execution Vulnerability. |
2022-08-09 |
10.0.20348.887 - KB5016627 |
Arimura |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34715 |
secure@microsoft.com |
CVE-2022-34692 |
Microsoft Exchange Information Disclosure Vulnerability. |
2022-08-09 |
|
Orange Tsai (@orange_8361) with DEVCORE |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34692 |
secure@microsoft.com |
CVE-2022-21979 |
Microsoft Exchange Information Disclosure Vulnerability. |
2022-08-09 |
|
Orange Tsai (@orange_8361) with DEVCORE |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21979 |
secure@microsoft.com |
CVE-2022-35800 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
William Söderberg with WithSecure |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35800 |
secure@microsoft.com |
CVE-2022-35821 |
Azure Sphere Information Disclosure Vulnerability. |
2022-08-09 |
|
Discovered by Claudio Bozzato and Lilith of Cisco Talos. with Cisco Talos |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35821 https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1497 |
secure@microsoft.com |
CVE-2022-35788 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35788 |
secure@microsoft.com |
CVE-2022-34708 |
Windows Kernel Information Disclosure Vulnerability. |
2022-08-09 |
10.0.10240.19387 - KB5016639 10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 6.0.6003.21616 - KB5016669 6.0.6003.21616 - KB5016686 6.1.7601.26065 - KB5016676 6.1.7601.26065 - KB5016679 6.2.9200.23817 - KB5016672 6.2.9200.23817 - KB5016684 6.3.9600.20512 - KB5016618 6.3.9600.20520 - KB5016681 6.3.9600.20520 - KB5016683 |
Mateusz Jurczyk of Google Project Zero |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34708 |
secure@microsoft.com |
CVE-2022-33631 |
Microsoft Excel Security Feature Bypass Vulnerability. |
2022-08-09 |
|
Hidetake Jo with Microsoft |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33631 |
secure@microsoft.com |
CVE-2022-35782 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35782 |
secure@microsoft.com |
CVE-2022-33640 |
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Sick Codes with Sick Codes |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33640 |
secure@microsoft.com |
CVE-2022-35784 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35784 |
secure@microsoft.com |
CVE-2022-35802 |
Azure Site Recovery Elevation of Privilege Vulnerability. |
2022-08-09 |
|
Anonymous |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35802 |
secure@microsoft.com |
CVE-2022-35765 |
Storage Spaces Direct Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 |
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35765 |
secure@microsoft.com |
CVE-2022-34699 |
Windows Win32k Elevation of Privilege Vulnerability. |
2022-08-09 |
10.0.14393.5291 - KB5016622 10.0.17763.3287 - KB5016623 10.0.19042.1889 - KB5016616 10.0.19043.1889 - KB5016616 10.0.19044.1889 - KB5016616 10.0.20348.887 - KB5016627 10.0.22621.856 - KB5016629 |
Bruno PUJOS (@brunopujos) from REverse Tactics working with Trend Micro Zero Day Initiative |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34699 |
secure@microsoft.com |