Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability

Microsoft · Windows

Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability

Microsoft · Defender

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft · Windows

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft · Windows

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft · Windows

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Microsoft · Windows

Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Microsoft Windows Scripting Languages Remote Code Execution Vulnerability

Microsoft · Windows

Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.

Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability

Microsoft · Windows COM+ Event System Service

Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft · Exchange Server

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

Microsoft Exchange Server Server-Side Request Forgery Vulnerability

Microsoft · Exchange Server

Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

Microsoft Windows Remote Code Execution Vulnerability

Microsoft · Windows

Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft · Windows

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Microsoft · Active Directory

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.

Microsoft Windows Runtime Remote Code Execution Vulnerability

Microsoft · Windows

Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Microsoft · Windows

A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.

Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability

Microsoft · Windows

Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.

Microsoft Windows LSA Spoofing Vulnerability

Microsoft · Windows

Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Microsoft · Windows

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

Microsoft Office Buffer Overflow Vulnerability

Microsoft · Office

Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft · Internet Explorer

Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.

Microsoft XML Core Services Memory Corruption Vulnerability

Microsoft · XML Core Services

Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.

Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability

Microsoft · Windows

The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.