CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2022-37986 – Windows Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37986
Windows Win32k Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute code at low integrity on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode print driver host process. The issue results from insufficient validation of the origin of commands. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user at medium integrity. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37986 •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-37987 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37987
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows Client Server Run-time Subsystem (CSRSS). Este ID de CVE es diferente de CVE-2022-37989 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CSRSS.exe process. By performing a DOS device redirection, an attacker can alter a path used for searching for dependencies. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37987 •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-37989 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37989
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows Client Server Run-time Subsystem (CSRSS). Este ID de CVE es diferente de CVE-2022-37987 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CSRSS.exe process. By sending a crafted message to CSRSS, an attacker can cause an arbitrary DLL to be loaded. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37989 •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-37997 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37997
Windows Graphics Component Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows Graphics Component. Este ID de CVE es exclusivo de CVE-2022-38051 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37997 •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-38028 – Microsoft Windows Print Spooler Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-38028
Windows Print Spooler Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows Print Spooler Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38028 •