CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability.

CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability.

An attacker can exploit this vulnerability by persuading an administrator to install a malicious network share and then logging in to the system and viewing or modifying that share. An attacker can also exploit this vulnerability by convincing an administrator to install a malicious network share and then view or modify that share. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.

CVE-2017-1181: Microsoft Office Remote Code Execution Vulnerability.

An attacker can exploit this vulnerability by convincing an administrator to install a malicious Word, Excel, PowerPoint, or Outlook on a network share and then view or modify that share. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.

CVE-2017-1182: Remote Code Execution Vulnerability in Windows DNS.

An attacker can exploit this vulnerability by spoofing DNS requests to obtain sensitive information. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.

CVE-2017-1183: Remote Code Execution Vulnerability in RD Gateway.

Researching Microsoft Windows Software Updates

If Windows is installed on a local hard drive, this issue cannot be exploited through other means. If Windows is not installed on a local hard drive, Microsoft has released an update to address this vulnerability.

Microsoft Edge

Security Feature
An attacker can exploit this vulnerability by convincing an administrator to install a malicious network share and then view or modify that share. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.

Outlook Remote Code Execution Vulnerability

An attacker can exploit this vulnerability by convincing an administrator to install a malicious network share and then view or modify that share. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.

Limitations and requirements

The following components need to be present in order to exploit this vulnerability:
* Windows XP x64 or x86
* Remote Desktop Client (RDC)
* Remote Desktop Protocol (RDP)
* RD Gateway

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe