Skip to content

Instantly share code, notes, and snippets.

@clearbluejar

clearbluejar/MSRC August 2022 CVE Charts.md

Created September 2, 2022 04:22
Show Gist options
  • Save clearbluejar/85f00cce6f698a2ca27228d6ada4f79c to your computer and use it in GitHub Desktop.
Save clearbluejar/85f00cce6f698a2ca27228d6ada4f79c to your computer and use it in GitHub Desktop.
Download ZIP
MSRC August 2022 CVE Charts
Raw
MSRC August 2022 CVE Charts.md 
pie showData
    title Windows Tags Distribution
    "Azure Site Recovery" : 34
    "Microsoft Edge (Chromium-based)" : 20
    "Azure Real Time Operating System" : 8
    "Windows Secure Socket Tunneling Protocol (SSTP)" : 6
    "Microsoft Exchange Server" : 6
    "Windows Kernel" : 6
    "Windows Defender Credential Guard" : 6
    "Windows Storage Spaces Direct" : 5
    "Visual Studio" : 4
    "Windows Secure Boot" : 3
    "Microsoft Office Excel" : 2
    "Windows Partition Management Driver" : 2
    "Windows Point-to-Point Tunneling Protocol" : 1
    "Microsoft Windows Support Diagnostic Tool (MSDT)" : 1
    "Windows Local Security Authority (LSA)" : 1
    "Windows Bluetooth Service" : 1
    "Microsoft Office" : 1
    "Windows Error Reporting" : 1
    "Windows Hello" : 1
    "Remote Access Service Point-to-Point Tunneling Protocol" : 1
    "Windows Print Spooler Components" : 1
Loading
Tag CVEs Count
Azure Site Recovery
CVE-2022-35787
CVE-2022-35772
CVE-2022-35790
CVE-2022-35824
CVE-2022-35789
CVE-2022-35811
CVE-2022-35816
CVE-2022-35801
CVE-2022-35810
CVE-2022-35786
CVE-2022-35819
CVE-2022-35818
CVE-2022-35776
CVE-2022-35807
CVE-2022-35817
CVE-2022-35809
CVE-2022-35808
CVE-2022-35812
CVE-2022-35774
CVE-2022-35775
CVE-2022-35785
CVE-2022-35799
CVE-2022-35780
CVE-2022-35813
CVE-2022-35791
CVE-2022-35783
CVE-2022-35815
CVE-2022-35781
CVE-2022-35814
CVE-2022-35800
CVE-2022-35788
CVE-2022-35782
CVE-2022-35784
CVE-2022-35802
 34
Microsoft Edge (Chromium-based)
CVE-2022-2622
CVE-2022-2603
CVE-2022-2617
CVE-2022-2616
CVE-2022-2618
CVE-2022-2604
CVE-2022-2615
CVE-2022-2623
CVE-2022-2612
CVE-2022-2624
CVE-2022-2619
CVE-2022-2605
CVE-2022-2611
CVE-2022-2621
CVE-2022-2606
CVE-2022-2610
CVE-2022-2614
CVE-2022-33636
CVE-2022-33649
CVE-2022-35796
 20
Azure Real Time Operating System
CVE-2022-30175
CVE-2022-30176
CVE-2022-35773
CVE-2022-35806
CVE-2022-35779
CVE-2022-34687
CVE-2022-34686
CVE-2022-34685
 8
Windows Secure Socket Tunneling Protocol (SSTP)
CVE-2022-34714
CVE-2022-35767
CVE-2022-34701
CVE-2022-34702
CVE-2022-35794
CVE-2022-35766
 6
Microsoft Exchange Server
CVE-2022-30134
CVE-2022-24516
CVE-2022-21980
CVE-2022-24477
CVE-2022-34692
CVE-2022-21979
 6
Windows Kernel
CVE-2022-35761
CVE-2022-35804
CVE-2022-30197
CVE-2022-34707
CVE-2022-35768
CVE-2022-34708
 6
Windows Defender Credential Guard
CVE-2022-35771
CVE-2022-34705
CVE-2022-34704
CVE-2022-34712
CVE-2022-34710
CVE-2022-34709
 6
Windows Storage Spaces Direct
CVE-2022-35762
CVE-2022-35764
CVE-2022-35763
CVE-2022-35792
CVE-2022-35765
 5
Visual Studio
CVE-2022-35777
CVE-2022-35827
CVE-2022-35825
CVE-2022-35826
 4
Windows Secure Boot
CVE-2022-34302
CVE-2022-34303
CVE-2022-34301
 3
Microsoft Office Excel
CVE-2022-33648
CVE-2022-33631
 2
Windows Partition Management Driver
CVE-2022-33670
CVE-2022-34703
 2
Windows Point-to-Point Tunneling Protocol
CVE-2022-30133
 1
Microsoft Windows Support Diagnostic Tool (MSDT)
CVE-2022-34713
 1
Windows Local Security Authority (LSA)
CVE-2022-34706
 1
Windows Bluetooth Service
CVE-2022-30144
 1
Microsoft Office
CVE-2022-34717
 1
Windows Error Reporting
CVE-2022-35795
 1
Windows Hello
CVE-2022-35797
 1
Remote Access Service Point-to-Point Tunneling Protocol
CVE-2022-35769
 1
Windows Print Spooler Components
CVE-2022-35793
 1 
pie showData
    title Windows Impact Distribution
    "Elevation of Privilege" : 57
    "Remote Code Execution" : 27
    "None" : 17
    "Information Disclosure" : 11
    "Security Feature Bypass" : 7
    "Denial of Service" : 3
    "Spoofing" : 1
Loading
Impact CVEs Count
Elevation of Privilege
CVE-2022-35763
CVE-2022-35768
CVE-2022-33670
CVE-2022-35807
CVE-2022-35817
CVE-2022-35795
CVE-2022-35793
CVE-2022-35787
CVE-2022-35760
CVE-2022-34690
CVE-2022-35771
CVE-2022-35814
CVE-2022-35762
CVE-2022-35790
CVE-2022-35809
CVE-2022-24477
CVE-2022-35820
CVE-2022-34705
CVE-2022-35764
CVE-2022-35816
CVE-2022-35789
CVE-2022-35811
CVE-2022-34706
CVE-2022-35808
CVE-2022-35800
CVE-2022-35796
CVE-2022-35812
CVE-2022-35788
CVE-2022-35774
CVE-2022-35775
CVE-2022-35813
CVE-2022-35791
CVE-2022-35785
CVE-2022-24516
CVE-2022-35801
CVE-2022-35783
CVE-2022-35792
CVE-2022-33646
CVE-2022-35799
CVE-2022-34707
CVE-2022-35761
CVE-2022-21980
CVE-2022-35810
CVE-2022-35780
CVE-2022-34691
CVE-2022-35815
CVE-2022-35782
CVE-2022-33640
CVE-2022-35786
CVE-2022-35784
CVE-2022-35802
CVE-2022-35765
CVE-2022-35781
CVE-2022-34703
CVE-2022-35819
CVE-2022-34699
CVE-2022-35818
 57
Remote Code Execution
CVE-2022-30194
CVE-2022-35779
CVE-2022-35767
CVE-2022-30133
CVE-2022-35794
CVE-2022-34713
CVE-2022-35766
CVE-2022-35772
CVE-2022-34687
CVE-2022-33648
CVE-2022-35824
CVE-2022-34715
CVE-2022-34714
CVE-2022-33636
CVE-2022-30176
CVE-2022-35777
CVE-2022-34696
CVE-2022-35827
CVE-2022-35773
CVE-2022-35806
CVE-2022-35804
CVE-2022-30144
CVE-2022-34702
CVE-2022-35826
CVE-2022-35825
CVE-2022-34717
CVE-2022-30175
 27
None
CVE-2022-2617
CVE-2022-2619
CVE-2022-2616
CVE-2022-2610
CVE-2022-2604
CVE-2022-2622
CVE-2022-2612
CVE-2022-2621
CVE-2022-2623
CVE-2022-2603
CVE-2022-2615
CVE-2022-2614
CVE-2022-2605
CVE-2022-2611
CVE-2022-2606
CVE-2022-2618
CVE-2022-2624
 17
Information Disclosure
CVE-2022-30197
CVE-2022-34708
CVE-2022-34686
CVE-2022-35821
CVE-2022-30134
CVE-2022-34704
CVE-2022-34710
CVE-2022-34685
CVE-2022-34712
CVE-2022-34692
CVE-2022-21979
 11
Security Feature Bypass
CVE-2022-33649
CVE-2022-33631
CVE-2022-34302
CVE-2022-35797
CVE-2022-34303
CVE-2022-34709
CVE-2022-34301
 7
Denial of Service
CVE-2022-34701
CVE-2022-35769
CVE-2022-35776
 3
Spoofing
CVE-2022-34716
 1
Raw
MSRC August 2022 CVE Table.md

MSRC August 2022 CVE Charts Table

CVE Description Release Date KBs Acknowledgments References CNA
CVE-2022-34302 A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. 2022-08-26
1.002 - KB5012170
10.0.14393.5285 - KB5012170
10.0.17763.3284 - KB5012170
10.0.19042.1880 - KB5012170
10.0.19042.1889 - KB5016616
10.0.19043.1880 - KB5012170
10.0.19044.1880 - KB5012170
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
V1.002 - KB5012170
V1.003 - KB5012170
 Mickey Shkatov and Jesse Michael with Eclypsium https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot
https://www.kb.cert.org/vuls/id/309662		 cve@mitre.org
CVE-2022-34303 A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. 2022-08-26
1.002 - KB5012170
10.0.14393.5285 - KB5012170
10.0.17763.3284 - KB5012170
10.0.19042.1880 - KB5012170
10.0.19042.1889 - KB5016616
10.0.19043.1880 - KB5012170
10.0.19044.1880 - KB5012170
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
V1.002 - KB5012170
V1.003 - KB5012170
 https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot
https://www.kb.cert.org/vuls/id/309662		 cve@mitre.org
CVE-2022-34301 A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. 2022-08-26
1.002 - KB5012170
10.0.14393.5285 - KB5012170
10.0.17763.3284 - KB5012170
10.0.19042.1880 - KB5012170
10.0.19042.1889 - KB5016616
10.0.19043.1880 - KB5012170
10.0.19044.1880 - KB5012170
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
V1.002 - KB5012170
V1.003 - KB5012170
 https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot
https://www.kb.cert.org/vuls/id/309662		 cve@mitre.org
CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. 2022-08-12
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://crbug.com/1332392
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2603 Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-08-12
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://crbug.com/1325699
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2617 Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. 2022-08-12
https://crbug.com/1292451
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2616 Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. 2022-08-12
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://crbug.com/1302159
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2618 Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . 2022-08-12
https://crbug.com/1308422
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2604 Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-08-12
https://crbug.com/1335316
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2615 Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-08-12
https://crbug.com/1268580
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2623 Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 2022-08-12
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://crbug.com/1337798
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2612 Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. 2022-08-12
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://crbug.com/1321350
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2624 Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. 2022-08-12
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://crbug.com/1339745
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2619 Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. 2022-08-12
https://crbug.com/1332881
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2605 Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-08-12
https://crbug.com/1338470
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2611 Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2022-08-12
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://crbug.com/1320538
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2621 Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. 2022-08-12
https://crbug.com/1323449
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2606 Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. 2022-08-12
https://crbug.com/1330489
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2610 Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2022-08-12
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://crbug.com/1278255
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-2614 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2022-08-12
https://crbug.com/1341907
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/202208-35		 chrome-cve-admin@google.com
CVE-2022-30133 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Azure Yang with Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30133 secure@microsoft.com
CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Imre Rad https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34713 secure@microsoft.com
CVE-2022-35787 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
William Söderberg with WithSecure https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35787 secure@microsoft.com
CVE-2022-35772 Azure Site Recovery Remote Code Execution Vulnerability. 2022-08-09
William Söderberg with WithSecure https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35772 secure@microsoft.com
CVE-2022-33648 Microsoft Excel Remote Code Execution Vulnerability. 2022-08-09
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33648 secure@microsoft.com
CVE-2022-35762 Storage Spaces Direct Elevation of Privilege Vulnerability. 2022-08-09
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35762 secure@microsoft.com
CVE-2022-35790 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35790 secure@microsoft.com
CVE-2022-35824 Azure Site Recovery Remote Code Execution Vulnerability. 2022-08-09
William Söderberg with WithSecure https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35824 secure@microsoft.com
CVE-2022-35764 Storage Spaces Direct Elevation of Privilege Vulnerability. 2022-08-09
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35764 secure@microsoft.com
CVE-2022-35789 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35789 secure@microsoft.com
CVE-2022-34714 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Yuki Chen with Cyber KunLun https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34714 secure@microsoft.com
CVE-2022-35811 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35811 secure@microsoft.com
CVE-2022-35816 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35816 secure@microsoft.com
CVE-2022-34706 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 bee13oy with Cyber Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34706 secure@microsoft.com
CVE-2022-35777 Visual Studio Remote Code Execution Vulnerability. 2022-08-09
14.0.27552.0 - KB5016316
 HAO LI of VenusTech ADLab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35777 secure@microsoft.com
CVE-2022-30134 Microsoft Exchange Information Disclosure Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30134 secure@microsoft.com
CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability. 2022-08-09
Tianze Ding(@D1iv3) with Tencent Security Xuanwu Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24516 secure@microsoft.com
CVE-2022-35801 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35801 secure@microsoft.com
CVE-2022-35827 Visual Studio Remote Code Execution Vulnerability. 2022-08-09
14.0.27552.0 - KB5016316
 HAO LI of VenusTech ADLab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35827 secure@microsoft.com
CVE-2022-35761 Windows Kernel Elevation of Privilege Vulnerability. 2022-08-09
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 b2ahex https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35761 secure@microsoft.com
CVE-2022-35804 SMB Client and Server Remote Code Execution Vulnerability. 2022-08-09
10.0.22621.856 - KB5016629
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35804 secure@microsoft.com
CVE-2022-30144 Windows Bluetooth Service Remote Code Execution Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.22621.856 - KB5016629
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Fernando Perera with LAYAKK
Jose Pico with LAYAKK		 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30144 secure@microsoft.com
CVE-2022-35810 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35810 secure@microsoft.com
CVE-2022-35786 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35786 secure@microsoft.com
CVE-2022-34717 Microsoft Office Remote Code Execution Vulnerability. 2022-08-09
Eduardo Braun Prado https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34717 secure@microsoft.com
CVE-2022-35819 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35819 secure@microsoft.com
CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. 2022-08-09
HP of Cyber Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30175 secure@microsoft.com
CVE-2022-35818 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35818 secure@microsoft.com
CVE-2022-35763 Storage Spaces Direct Elevation of Privilege Vulnerability. 2022-08-09
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35763 secure@microsoft.com
CVE-2022-30197 Windows Kernel Information Disclosure Vulnerability. 2022-08-09
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 Jarvis_1oop of vulnerability research institute https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30197 secure@microsoft.com
CVE-2022-35776 Azure Site Recovery Denial of Service Vulnerability. 2022-08-09
William Söderberg with WithSecure https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35776 secure@microsoft.com
CVE-2022-33670 Windows Partition Management Driver Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 vinhthp1712 working with Trend Micro Zero Day Initiative https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33670 secure@microsoft.com
CVE-2022-35807 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35807 secure@microsoft.com
CVE-2022-35817 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35817 secure@microsoft.com
CVE-2022-35767 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Yuki Chen with Cyber KunLun https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35767 secure@microsoft.com
CVE-2022-35795 Windows Error Reporting Service Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35795 secure@microsoft.com
CVE-2022-35797 Windows Hello Security Feature Bypass Vulnerability. 2022-08-09
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.22621.856 - KB5016629
 Jason Martinsen https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35797 secure@microsoft.com
CVE-2022-35771 Windows Defender Credential Guard Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 James Forshaw with Google Project Zero https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35771 secure@microsoft.com
CVE-2022-35809 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35809 secure@microsoft.com
CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability. 2022-08-09
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 James Forshaw with Google Project Zero https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34705 secure@microsoft.com
CVE-2022-34704 Windows Defender Credential Guard Information Disclosure Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 James Forshaw of Google Project Zero https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34704 secure@microsoft.com
CVE-2022-35808 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
William Söderberg with WithSecure https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35808 secure@microsoft.com
CVE-2022-33636 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. 2022-08-09
koocola https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33636
https://security.gentoo.org/glsa/202208-35		 secure@microsoft.com
CVE-2022-33649 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. 2022-08-09
jinmo123 with Theori https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33649
https://security.gentoo.org/glsa/202208-35		 secure@microsoft.com
CVE-2022-35796 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. 2022-08-09
koocola https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35796
https://security.gentoo.org/glsa/202208-35		 secure@microsoft.com
CVE-2022-30176 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. 2022-08-09
HP of Cyber Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30176 secure@microsoft.com
CVE-2022-35812 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35812 secure@microsoft.com
CVE-2022-35774 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35774 secure@microsoft.com
CVE-2022-35775 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35775 secure@microsoft.com
CVE-2022-35785 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35785 secure@microsoft.com
CVE-2022-34712 Windows Defender Credential Guard Information Disclosure Vulnerability. 2022-08-09
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 James Forshaw with Google Project Zero https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34712 secure@microsoft.com
CVE-2022-35773 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. 2022-08-09
HP of Cyber Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35773 secure@microsoft.com
CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Yuki Chen with Cyber KunLun https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34701 secure@microsoft.com
CVE-2022-35806 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. 2022-08-09
bee13oy with Cyber Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35806 secure@microsoft.com
CVE-2022-35799 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35799 secure@microsoft.com
CVE-2022-21980 Microsoft Exchange Server Elevation of Privilege Vulnerability. 2022-08-09
Tianze Ding (@D1iv3) with Tencent Xuanwu Lab
Yuhao Weng with Sangfor
Zhiniang Peng with Sangfor		 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21980 secure@microsoft.com
CVE-2022-35780 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35780 secure@microsoft.com
CVE-2022-34702 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Yuki Chen with Cyber KunLun https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34702 secure@microsoft.com
CVE-2022-35825 Visual Studio Remote Code Execution Vulnerability. 2022-08-09
14.0.27552.0 - KB5016316
 HAO LI of VenusTech ADLab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35825 secure@microsoft.com
CVE-2022-35779 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. 2022-08-09
HP of Cyber Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35779 secure@microsoft.com
CVE-2022-35769 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Yuki Chen with Cyber KunLun https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35769 secure@microsoft.com
CVE-2022-35793 Windows Print Spooler Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Xuefeng Li with Sangfor https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35793 secure@microsoft.com
CVE-2022-35760 Microsoft ATA Port Driver Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 George Hughey with MSRC Vulnerabilities and Mitigations https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35760 secure@microsoft.com
CVE-2022-34687 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. 2022-08-09
bee13oy with Cyber Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34687 secure@microsoft.com
CVE-2022-34690 Windows Fax Service Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Xuefeng Li with Sangfor
Zhiniang Peng with Sangfor		 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34690 secure@microsoft.com
CVE-2022-34716 .NET Spoofing Vulnerability. 2022-08-09
3.1.28 - KB5016987
6.0.8 - KB5016990
 Felix Wilhelm of Google Project Zero
None		 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716 secure@microsoft.com
CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 PETER HLAVATY with Fruit your Game https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34696 secure@microsoft.com
CVE-2022-35813 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35813 secure@microsoft.com
CVE-2022-35791 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35791 secure@microsoft.com
CVE-2022-34710 Windows Defender Credential Guard Information Disclosure Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 James Forshaw with Google Project Zero https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34710 secure@microsoft.com
CVE-2022-35783 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35783 secure@microsoft.com
CVE-2022-35792 Storage Spaces Direct Elevation of Privilege Vulnerability. 2022-08-09
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35792 secure@microsoft.com
CVE-2022-33646 Azure Batch Node Agent Elevation of Privilege Vulnerability. 2022-08-09
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33646 secure@microsoft.com
CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Mateusz Jurczyk of Google Project Zero https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34707 secure@microsoft.com
CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability. 2022-08-09
HP of Cyber Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34686 secure@microsoft.com
CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 k0shl with Kunlun Lab
Zoltan Harmath of Microsoft		 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34691 secure@microsoft.com
CVE-2022-35815 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35815 secure@microsoft.com
CVE-2022-35826 Visual Studio Remote Code Execution Vulnerability. 2022-08-09
14.0.27552.0 - KB5016316
 HAO LI of VenusTech ADLab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35826 secure@microsoft.com
CVE-2022-35781 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35781 secure@microsoft.com
CVE-2022-34703 Windows Partition Management Driver Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 nhiadt12 from Viettel Cyber Security working with Trend Micro Zero Day Initiative https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34703 secure@microsoft.com
CVE-2022-34685 Azure RTOS GUIX Studio Information Disclosure Vulnerability. 2022-08-09
HP of Cyber Kunlun Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34685 secure@microsoft.com
CVE-2022-35768 Windows Kernel Elevation of Privilege Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Mateusz Jurczyk of Google Project Zero https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35768 secure@microsoft.com
CVE-2022-30194 Windows WebBrowser Control Remote Code Execution Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Eduardo Braun Prado working with Trend Micro Zero Day Initiative https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30194 secure@microsoft.com
CVE-2022-35794 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. 2022-08-09
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 Yuki Chen with Cyber KunLun https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35794 secure@microsoft.com
CVE-2022-34709 Windows Defender Credential Guard Security Feature Bypass Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 James Forshaw with Google Project Zero https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34709 secure@microsoft.com
CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. 2022-08-09
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 Yuki Chen with Cyber KunLun https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35766 secure@microsoft.com
CVE-2022-35814 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35814 secure@microsoft.com
CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability. 2022-08-09
Tianze Ding (@D1iv3) with Tencent Security Xuanwu Lab https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24477 secure@microsoft.com
CVE-2022-35820 Windows Bluetooth Driver Elevation of Privilege Vulnerability. 2022-08-09
1.002 - KB5012170
10.0.14393.5285 - KB5012170
10.0.17763.3284 - KB5012170
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 T0 working with Trend Micro Zero Day Initiative https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35820 secure@microsoft.com
CVE-2022-34715 Windows Network File System Remote Code Execution Vulnerability. 2022-08-09
10.0.20348.887 - KB5016627
 Arimura https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34715 secure@microsoft.com
CVE-2022-34692 Microsoft Exchange Information Disclosure Vulnerability. 2022-08-09
Orange Tsai (@orange_8361) with DEVCORE https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34692 secure@microsoft.com
CVE-2022-21979 Microsoft Exchange Information Disclosure Vulnerability. 2022-08-09
Orange Tsai (@orange_8361) with DEVCORE https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21979 secure@microsoft.com
CVE-2022-35800 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
William Söderberg with WithSecure https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35800 secure@microsoft.com
CVE-2022-35821 Azure Sphere Information Disclosure Vulnerability. 2022-08-09
Discovered by Claudio Bozzato and Lilith of Cisco Talos. with Cisco Talos https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35821
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1497		 secure@microsoft.com
CVE-2022-35788 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35788 secure@microsoft.com
CVE-2022-34708 Windows Kernel Information Disclosure Vulnerability. 2022-08-09
10.0.10240.19387 - KB5016639
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
6.0.6003.21616 - KB5016669
6.0.6003.21616 - KB5016686
6.1.7601.26065 - KB5016676
6.1.7601.26065 - KB5016679
6.2.9200.23817 - KB5016672
6.2.9200.23817 - KB5016684
6.3.9600.20512 - KB5016618
6.3.9600.20520 - KB5016681
6.3.9600.20520 - KB5016683
 Mateusz Jurczyk of Google Project Zero https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34708 secure@microsoft.com
CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability. 2022-08-09
Hidetake Jo with Microsoft https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33631 secure@microsoft.com
CVE-2022-35782 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35782 secure@microsoft.com
CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. 2022-08-09
Sick Codes with Sick Codes https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33640 secure@microsoft.com
CVE-2022-35784 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35784 secure@microsoft.com
CVE-2022-35802 Azure Site Recovery Elevation of Privilege Vulnerability. 2022-08-09
Anonymous https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35802 secure@microsoft.com
CVE-2022-35765 Storage Spaces Direct Elevation of Privilege Vulnerability. 2022-08-09
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35765 secure@microsoft.com
CVE-2022-34699 Windows Win32k Elevation of Privilege Vulnerability. 2022-08-09
10.0.14393.5291 - KB5016622
10.0.17763.3287 - KB5016623
10.0.19042.1889 - KB5016616
10.0.19043.1889 - KB5016616
10.0.19044.1889 - KB5016616
10.0.20348.887 - KB5016627
10.0.22621.856 - KB5016629
 Bruno PUJOS (@brunopujos) from REverse Tactics working with Trend Micro Zero Day Initiative https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34699 secure@microsoft.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment