This issue affects Windows 8 and Windows RT, Windows Server 2012 and Windows Server 2012 R2, Windows 10. Microsoft currently has no patch available.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. Users whose accounts are configured to have administrative privileges would be able to elevate their privileges to admin level.

CVE-2022-35841: Microsoft Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-35838, CVE-2022-38007.

This issue affects Windows 8 and Windows RT, Windows Server 2012 and Windows Server 2012 R2, Windows 10. Microsoft currently has no patch available.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. Users whose accounts are configured to have administrative privileges would be able to elevate their privileges to admin level.

CVE-2022-35840: Microsoft Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-35839.

In addition to the information disclosure vulnerabilities detailed above, there are additional issues with the Windows Graphics Component. These can be exploited by malicious code to achieve information disclosure or remote code execution. These issues are currently being investigated by Microsoft.

Windows 10 – Software Restriction Policies (SREs)

Windows 10 introduced a new feature known as Software Restriction Policies (SREs). SREs allow you to create rules that require individual apps to be digitally signed by a trusted publisher. If an app is not signed by a trusted publisher, then the user cannot download and install the app.

This feature can help prevent malicious software from installing on your PC without your knowledge or consent. For example, if an attacker wanted to add malicious code such as ransomware, they would need to disguise it as a legitimate application. To do this, they would need to digitally sign their code so it could bypass SREs. But because SREs are enabled on Windows 10, this attack would be blocked by the OS.

If you have a device running Windows 10, make sure that you enable SRE policies for all software that needs them.

Windows Shell Vulnerability

This issue affects Windows 8 and Windows RT, Windows Server 2012 and Windows Server 2012 R2, Windows 10. Microsoft currently has no patch available.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. Users whose accounts are configured to have administrative privileges would be able to elevate their privileges to admin level.

Timeline

Published on: 09/13/2022 19:15:00 UTC
Last modified on: 09/16/2022 17:30:00 UTC

References