CVSS: 8.5EPSS: 89%CPEs: 10EXPL: 0CVE-2022-44698 – Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-44698
13 Dec 2022 — Windows SmartScreen Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la función de seguridad SmartScreen de Windows Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.4EPSS: 30%CPEs: 12EXPL: 1CVE-2022-41049 – Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-41049
09 Nov 2022 — Windows Mark of the Web Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la característica de seguridad web de Windows Mark Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. • https://github.com/Nathan01110011/CVE-2022-41049-POC •
CVSS: 6.4EPSS: 5%CPEs: 12EXPL: 0CVE-2022-41091 – Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-41091
09 Nov 2022 — Windows Mark of the Web Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la característica de seguridad web de Windows Mark Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41091 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-41125 – Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41125
09 Nov 2022 — Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de Windows CNG Key Isolation Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41125 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 69%CPEs: 18EXPL: 0CVE-2022-41128 – Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41128
09 Nov 2022 — Windows Scripting Languages Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Windows Scripting Languages Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 1CVE-2022-41073 – Microsoft Windows Print Spooler Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41073
09 Nov 2022 — Windows Print Spooler Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en la Cola de Impresión de Windows Windows still suffers from issues related to the replacement of the system drive letter during impersonation. This can be abused to trick privilege processes to load configuration files and other resources from untrusted locations leading to elevation of privilege. Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-... • https://packetstorm.news/files/id/174528 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 94%CPEs: 19EXPL: 28CVE-2021-34527 – Microsoft Windows Print Spooler Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-34527
02 Jul 2021 —
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see ... • https://packetstorm.news/files/id/167261 • CWE-269: Improper Privilege Management •