Overview
On September 14, NSFOCUS CERT detected that Microsoft had released its September security update, which fixes 63 security issues in widely used products such as Windows TCP/IP, .NET Framework, Windows Print Spooler Components, and Windows LDAP. The fixes cover high-risk vulnerability types such as privilege escalation and remote code execution.
Among the vulnerabilities fixed by Microsoft’s monthly update this month, there are 5 Critical vulnerabilities and 58 Important vulnerabilities, including 2 zero-day vulnerabilities:
Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2022-37969)
Cache Speculation Limit Vulnerability (Arm) (CVE-2022-23960)
Affected users should apply the patches as soon as possible. For the complete list of vulnerabilities, refer to the appendix.
NSFOCUS RSAS can detect most of the vulnerabilities fixed in this Microsoft update (including high-risk vulnerabilities such as CVE-2022-37969, CVE-2022-34718, CVE-2022-34721, CVE-2022-34722, CVE-2022-34729). Watch for the NSFOCUS RSAS plug-in upgrade package and upgrade to V6.0R02F01.2812 promptly.
Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep
Description of Major Vulnerabilities
The following vulnerabilities were selected from this update as the most significant, based on how widely the product is used and how severe the vulnerability is. Affected users should pay close attention to them:
Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2022-37969):
A privilege escalation vulnerability exists in the Common Log File System (CLFS) driver. Because the application in the CLFS driver does not implement the correct security restrictions, a local attacker with low privileges can exploit this vulnerability to bypass the security restrictions, elevate to SYSTEM privileges on the target system, and execute arbitrary code. The vulnerability has been publicly disclosed and exploited in the wild, with a CVSS score of 7.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/ch-ZN/vulnerability/CVE-2022-37969
Cache Speculation Limit Vulnerability (Arm) (CVE-2022-23960):
Arm Cortex and Neoverse processors do not enforce proper restrictions on cache speculation. Under certain configuration conditions, an authenticated local attacker could exploit this vulnerability to obtain sensitive system information. The vulnerability has been publicly disclosed.
Official announcement link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23960
Windows TCP/IP Remote Code Execution Vulnerability (CVE-2022-34718):
There is a remote code execution vulnerability in Windows TCP/IP. Because Windows TCP/IP does not fully verify the data entered by the user, an unauthenticated remote attacker can send specially crafted IPv6 packets that eventually lead to arbitrary code execution on the target system. According to Microsoft's official notice, only systems running IPSec services may be vulnerable. The CVSS score was 9.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability (CVE-2022-34700/CVE-2022-35805):
There is a remote code execution vulnerability in Microsoft Dynamics CRM (on-premises). Because Dynamics CRM does not sufficiently filter the data entered by the user, an authenticated remote attacker can send a specially crafted request and execute arbitrary commands in the Dynamics 365 database with db_owner permissions, without user interaction. The CVSS score was 8.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34700
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35805
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (CVE-2022-34721/CVE-2022-34722):
Because the applications in the IKE Protocol Extensions do not enforce proper security restrictions, an unauthenticated remote attacker can eventually execute arbitrary code on the target server by sending specially crafted IP packets to the IPSec-enabled computer. No user interaction is required. The CVSS score was 9.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722
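The TCP/IP and IKE entries above both depend on IPSec being in use on the host, so patch prioritisation can start from which machines actually run it. The following PowerShell check is an added example, not part of the advisory; it assumes the "IPSec services" the advisory refers to are the built-in Windows services IKEEXT and PolicyAgent, and it reports IPv6 adapter bindings only as context.

```powershell
# Added example (not from the advisory): exposure triage for CVE-2022-34718,
# CVE-2022-34721 and CVE-2022-34722 on the local host.
# Assumption: "IPSec services" means the built-in services IKEEXT
# (IKE and AuthIP IPsec Keying Modules) and PolicyAgent (IPsec Policy Agent).
$ipsecServices = 'IKEEXT', 'PolicyAgent'

$services = foreach ($name in $ipsecServices) {
    $s = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service   = $name
        Status    = if ($s) { [string]$s.Status } else { 'NotInstalled' }
        # StartType is not exposed on older PowerShell/.NET versions.
        StartType = if ($s -and $s.PSObject.Properties['StartType']) {
                        [string]$s.StartType
                    } else { 'Unknown' }
    }
}

# Adapters with the IPv6 protocol bound (cmdlet exists on Windows 8 /
# Server 2012 and later; older systems are reported as 'Unknown').
$ipv6Adapters = 'Unknown'
if (Get-Command Get-NetAdapterBinding -ErrorAction SilentlyContinue) {
    $ipv6Adapters = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled } |
        ForEach-Object { $_.Name }) -join ', '
}

$running = @($services | Where-Object { $_.Status -eq 'Running' })

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    IpsecServiceRunning = ($running.Count -gt 0)
    RunningServices     = ($running | ForEach-Object { $_.Service }) -join ', '
    Ipv6BoundAdapters   = $ipv6Adapters
}

# Per-service detail for the ticket or inventory record.
$services | Format-Table -AutoSize
```

Hosts that report `IpsecServiceRunning = True` are the ones to patch first for these three CVEs; the result is a prioritisation aid, not a substitute for installing the update.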
Windows Kernel Privilege Escalation Vulnerability (CVE-2022-37957):
A privilege escalation vulnerability exists in the Windows Kernel. Because the Windows Kernel does not implement the correct security restrictions, a local attacker with low privileges can exploit this vulnerability to bypass the security restrictions, escalate to SYSTEM privileges on the target system, and execute arbitrary code without user interaction. The CVSS score was 7.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37957
Windows GDI Privilege Escalation Vulnerability (CVE-2022-34729):
A privilege escalation vulnerability exists in Windows GDI. Because Windows GDI does not implement the correct security restrictions, a local attacker with low privileges can exploit this vulnerability to bypass the security restrictions, escalate to SYSTEM privileges on the target system, and execute arbitrary code without user interaction. The CVSS score was 7.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34729
Windows ALPC Privilege Escalation Vulnerability (CVE-2022-34725):
There is a privilege escalation vulnerability in Windows ALPC. Because of flaws in the security restrictions of Windows ALPC, in a specific configuration environment a local attacker with low privileges can exploit this vulnerability to bypass the security restrictions, elevate to SYSTEM privileges on the target system, and execute arbitrary code without user interaction. The CVSS score was 7.0.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34725
Scope of Impact
The following are the affected product versions for the key vulnerabilities. For other products affected by these vulnerabilities, refer to the official announcement links.
Vulnerability number | Affected Product Version |
CVE-2022-37969 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2022-34718 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2022-34700 CVE-2022-35805 | Microsoft Dynamics CRM (on-premises) 9.1 Microsoft Dynamics CRM (on-premises) 9.0 |
CVE-2022-34721 CVE-2022-34722 | Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems |
CVE-2022-34724 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 |
CVE-2022-37957 | Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 11 for x64-based Systems Windows 11 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems |
CVE-2022-34729 | Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows 11 for x64-based Systems Windows 11 for ARM64-based Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems |
CVE-2022-34725 | Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 11 for x64-based Systems Windows 11 for ARM64-based Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems |
Mitigation
Patch Update
Microsoft has officially released security patches that fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install the patches as soon as possible. The official download link:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep
Note: A patch installed through Windows Update may fail because of network problems, problems with the computer's environment, or other causes. After installing the patch, users should promptly check that it was applied successfully.
Right-click the Windows icon, select “Settings (N)”, select “Update and Security” – “Windows Update”, and view the prompt information on this page. You can also click “View Update History” to view the historical update status.
For updates that were not installed successfully, you can click the update name to jump to the official Microsoft download page. It is recommended that users click the link on that page and go to the “Microsoft Update Catalog” website to download and install the standalone package.
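The same post-install check can be scripted for a fleet. The following PowerShell is an added example, not part of the advisory: it reads the Windows Update history (the data behind “View Update History”) and cross-checks it against the installed hotfix list. `KB0000000` is a placeholder, because the advisory does not list KB numbers; take the real one for each OS build from the Microsoft release note.

```powershell
# Added example, not part of the NSFOCUS advisory.
# KB0000000 is a PLACEHOLDER: look up the KB number for your OS build in the
# Microsoft release note linked above and pass it with -ExpectedKb.
param(
    [string[]]$ExpectedKb = @('KB0000000')
)

# OperationResultCode values of the Windows Update Agent API.
$resultName = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

# Read the update history; keep installations only (Operation 1).
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = @()
if ($total -gt 0) {
    $history = @($searcher.QueryHistory(0, $total) |
        Where-Object { $_.Operation -eq 1 })
}

# Updates the servicing stack currently reports as installed.
$hotfixIds = @(Get-HotFix -ErrorAction SilentlyContinue |
    ForEach-Object { $_.HotFixID })

$report = foreach ($kb in $ExpectedKb) {
    # Most recent installation attempt whose title mentions this KB.
    $latest = $history |
        Where-Object { $_.Title -match [regex]::Escape($kb) } |
        Sort-Object Date -Descending |
        Select-Object -First 1

    $present = $hotfixIds -contains $kb
    if ($present) {
        $state = 'Installed'
    } elseif ($latest -and (4, 5 -contains [int]$latest.ResultCode)) {
        $state = 'InstallFailed'      # retry, or use the Update Catalog package
    } elseif ($latest) {
        $state = 'AttemptedNotListed' # e.g. reboot pending; re-check afterwards
    } else {
        $state = 'NotAttempted'
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        KB          = $kb
        State       = $state
        LastAttempt = if ($latest) { $latest.Date } else { $null }
        LastResult  = if ($latest) { $resultName[[int]$latest.ResultCode] } else { $null }
        HResult     = if ($latest) { '0x{0:X8}' -f $latest.HResult } else { $null }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets a scheduler or RMM tool flag hosts that still need work.
if (@($report | Where-Object { $_.State -ne 'Installed' }).Count -gt 0) { exit 1 }
```

Anything other than `Installed` corresponds to the case the note above describes: the update was offered or attempted but did not land, and the standalone package is the fallback.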
Appendix
Affected product | CVE No. | Vulnerability | Severity |
Microsoft Dynamics CRM | CVE-2022-34700 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical |
Microsoft Dynamics CRM | CVE-2022-35805 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical |
Windows | CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extension Remote Code Execution Vulnerability | Critical |
Windows | CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extension Remote Code Execution Vulnerability | Critical |
Windows | CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
Windows | CVE-2022-37969 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Windows | CVE-2022-23960 * | CVE-2022-23960 Cache Speculation Limit Vulnerability | Important |
Microsoft Visual Studio | CVE-2022-38013 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
Microsoft .NET Framework | CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability | Important |
AV1 Video Extension | CVE-2022-38019 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
Azure | CVE-2022-38007 | Server Privilege Escalation Vulnerability in Azure Guest Configuration and Azure ARC Support | Important |
Windows | CVE-2022-37954 | Elevation of Privilege Vulnerability in DirectX Graphics Kernel | Important |
Windows | CVE-2022-35838 | HTTP V3 Denial of Service Vulnerability | Important |
Microsoft Defender for Endpoint for Mac | CVE-2022-35828 | Elevation of Privilege Vulnerability in Microsoft Defender for Endpoint for Mac | Important |
Windows | CVE-2022-34726 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-34727 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-34730 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-34732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-34734 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2022-37963 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2022-38010 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-34731 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-34733 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-35834 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-35835 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-35836 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-35840 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2022-37962 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
Microsoft SharePoint | CVE-2022-35823 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
Microsoft SharePoint Server | CVE-2022-37961 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft SharePoint Server | CVE-2022-38008 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft SharePoint Server | CVE-2022-38009 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Windows Server | CVE-2022-37959 | NDES Security Feature Bypass Vulnerability | Important |
Raw Image Extension | CVE-2022-38011 | Original Image Extension Remote Code Execution Vulnerability | Important |
Windows Server | CVE-2022-35830 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-37958 | NEGOEX Security Mechanism Information Disclosure Vulnerability | Important |
Visual Studio Code | CVE-2022-38020 | Visual Studio Code Privilege Escalation Vulnerability | Important |
Windows | CVE-2022-34725 | Windows ALPC Privilege Escalation Vulnerability | Important |
Windows | CVE-2022-35803 | Windows Generic Journaling File System Driver Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-30170 | Windows Credential Roaming Service Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-34719 | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | Important |
Windows Server | CVE-2022-34724 | Windows DNS Server Denial of Service Vulnerability | Important |
Windows | CVE-2022-34723 | Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability | Important |
Windows | CVE-2022-35841 | Windows Enterprise Application Management Services Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-35832 | Windows Event Tracing Denial of Service Vulnerability | Important |
Windows | CVE-2022-38004 | Windows Fax Service Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-34729 | Windows GDI Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-38006 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Windows | CVE-2022-34728 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Windows | CVE-2022-35837 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Windows | CVE-2022-37955 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-34720 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
Windows Server | CVE-2022-33647 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Server | CVE-2022-33679 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-37956 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-37957 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-37964 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-30200 | LDAP Remote Code Execution Vulnerability | Important |
Windows | CVE-2022-26928 | Windows Photo Import API Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-38005 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows | CVE-2022-35831 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows | CVE-2022-30196 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows | CVE-2022-35833 | Windows Secure Channel Denial of Service Vulnerability | Important |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.