CVE-2022-38006 Windows Graphics Component Information Disclosure Vulnerability

These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) numbers. A CVSS Severity Score of 5.8 has been assigned. CVSS is a protocol for data sharing that assigns a score from 1 to 10 to quantify the severity of a vulnerability. This score can be used to determine a severity ranking for any given vulnerability. For more information about CVSS, see https://www.cvedetails.com/cve/. Microsoft has released software updates to correct these issues. Additionally, to help protect against exploitation of these vulnerabilities, consider following these security best practices: Be cautious when opening emails or clicking on links in emails.

In Microsoft Edge, avoid clicking on hyperlinks in emails in detail mode.

In Microsoft Outlook, avoid clicking on hyperlinks in emails in plain text mode.

Disable “Detail view” in Microsoft Edge.

In Microsoft Word, avoid clicking on hyperlinks in emails in Draft view.

In Microsoft Excel, avoid clicking on hyperlinks in emails in Pivot tables view.

In Microsoft PowerPoint, avoid clicking on hyperlinks in emails in Slides view.

In Microsoft Access, avoid clicking on hyperlinks in emails in Design view.

In Microsoft Publisher, avoid clicking on hyperlinks in emails in Layout view. The security best practices mentioned in this advisory may not be applicable in every situation. Therefore, it is important that system administrators review the risk of these vulnerabilities

Microsoft Edge CVE-2022-38006

In Microsoft Edge, avoid clicking on hyperlinks in emails in detail mode.

Microsoft Edge CVE-2021-38009

These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) numbers. A CVSS Severity Score of 9.8 has been assigned. CVSS is a protocol for data sharing that assigns a score from 1 to 10 to quantify the severity of a vulnerability. This score can be used to determine a severity ranking for any given vulnerability. For more information about CVSS, see https://www.cvedetails.com/cve/. Microsoft has released software updates to correct these issues. Additionally, to help protect against exploitation of these vulnerabilities, consider following these security best practices: Be cautious when opening emails or clicking on links in emails.
In Microsoft Edge, avoid clicking on hyperlinks in emails in detail mode.
In Microsoft Outlook, avoid clicking on hyperlinks in emails in plain text mode.
In Microsoft Word, avoid clicking on hyperlinks in emails in Draft view.
In Microsoft Excel, avoid clicking on hyperlinks in emails in Pivot tables view.
In Microsoft PowerPoint, avoid clicking on hyperlinks in emails in Slides view.
In Microsoft Access, avoid clicking on hyperlinks in emails in Design view.

Microsoft Office Macros Vulnerabilities

These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) numbers. A CVSS Severity Score of 5.8 has been assigned. CVSS is a protocol for data sharing that assigns a score from 1 to 10 to quantify the severity of a vulnerability. This score can be used to determine a severity ranking for any given vulnerability. For more information about CVSS, see https://www.cvedetails.com/cve/. Microsoft has released software updates to correct these issues. Additionally, to help protect against exploitation of these vulnerabilities, consider following these security best practices: Be cautious when opening emails or clicking on links in emails.
In Microsoft Edge, avoid clicking on hyperlinks in emails in detail mode.
In Microsoft Outlook, avoid clicking on hyperlinks in emails in plain text mode.
Disable “Detail view” in Microsoft Edge.
In Microsoft Word, avoid clicking on hyperlinks in emails in Draft view.
In Microsoft Excel, avoid clicking on hyperlinks in emails in Pivot tables view.
In Microsoft PowerPoint, avoid clicking on hyperlinks in emails in Slides view.

Security updates are cumulative

The security updates are cumulative. For example, when updating to a newer version of Windows 10, you should check the update history of your device to see what updates have been made available for that version.
To make sure you are running the latest updates for your device, we recommend that you check this site regularly: https://www.windowsupdate.com/u/ The Microsoft Security Updates Guide provides information about whether updates are available and how to obtain them.

Microsoft Office Software Frequently Asked Questions (FAQ)

What are the differences in the vulnerabilities addressed in this advisory?

This advisory covers vulnerabilities in Microsoft Office software. The different types of vulnerabilities include remote code execution, elevation of privilege, and denial-of-service. All three vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) numbers. A CVSS Severity Score of 5.8 has been assigned to these vulnerabilities. CVSS is a protocol for data sharing that assigns a score from 1 to 10 to quantify the severity of a vulnerability. This score can be used to determine a severity ranking for any given vulnerability. For more information about CVSS, see https://www.cvedetails.com/cve/. Microsoft has released software updates to correct these issues in supported releases of Microsoft Office software and recommends that customers update their systems as soon as possible. Additionally, to help protect against exploitation of these vulnerabilities, consider following these security best practices: Be cautious when opening emails or clicking on links in emails.

Timeline

Published on: 09/13/2022 19:15:00 UTC
Last modified on: 09/16/2022 18:03:00 UTC
