CVE-2022-38497 LIEF's CoreFile.tcc component had a segmentation violation.
The issue was tracked down to a missing check in the code that prevented a file from being loaded that was marked as unsafe. Because of this, the platform was vulnerable to a remote code execution vulnerability if a user were to open a specially crafted file using the system’s file explorer.
Microsoft was made aware of the issue via the PTF process, and the commit was fixed two days later with a release of commit a0f8e46.
HELIUM commit d3a36c3 was discovered to contain a heap buffer overflow vulnerability. The component that was affected was CoreAudioClipping.tcc.
However, this component is only loaded by Edge and Internet Explorer, so the issue did not affect most users.
Microsoft was made aware of the issue via the PTF process, and the commit was fixed three days later with a release of commit 858d999.
HELIUM commit 7b14a58 was discovered to contain a heap buffer overflow vulnerability. The component that was affected was CoreText.tcc.
Microsoft was made aware of the issue via the PTF process, and the commit was fixed four days later with a release of commit f66a6f5.
It’s important to note that all of the PTFs referenced above were fixed before the public release of Windows 10 on July 29th. However, the fact that PTFs were published at all shows that Microsoft takes
Microsoft is not a stranger to publishing PTFs https://github.com/microsoft/windows-kernel
Windows 7 and Windows 8.1 are still vulnerable
Microsoft has fixed vulnerabilities that may affect computers running Windows 7 and Windows 8.1, but those operating systems are not yet at a level of security where they can be safely used on the Internet.
The issue was tracked down to a missing check in the code that prevented a file from being loaded that was marked as unsafe. Because of this, the platform was vulnerable to a remote code execution vulnerability if a user were to open a specially crafted file using the system’s file explorer.
Microsoft was made aware of the issue via the PTF process, and the commit was fixed two days later with a release of commit fd59c1e.
HELIUM commit c8e2b50 was discovered to contain an elevation of privilege vulnerability in Local Security Authority Subsystem Service (LSASS). This component is only loaded by Windows 8 and Windows 8.1 users, so the issue did not affect most users.
Microsoft was made aware of the issue via the PTF process, and the commit was fixed three days later with a release of commit 3fef391.
Windows 10 vs
Windows 7
Microsoft is going through a transition period with Windows 10. Microsoft released Windows 10 in an effort to update the features and functionality of the operating system. However, some people are questioning whether or not this is a good decision for Microsoft because of the times when it comes to releasing new updates for Windows 10.
Since Windows 7 was released in 2009, the only updates that were made were for security-related issues. This means that all driver updates and security patches were previously included in Windows 7 and nothing has changed since then. Now that Microsoft is updating their operating systems, there’s a lot of concern as to how this will affect driver compatibility on older devices.
Some are worried that drivers may stop working if they update their OS because they’re not compatible with the latest version of Windows 10. Some people also worry about whether or not Microsoft will be able to keep up with the demand of newer drivers as time goes on and if this will have any effect on driver compatibility on older devices.
On top of these concerns, there's also speculation as to what kind of performance users can expect from upgrading their OS. Some people are concerned about losing hardware functionality after updating their OS, while others are worried about performance degradation or bugs with newer versions of windows 10.
Timeline
Published on: 09/13/2022 21:15:00 UTC
Last modified on: 09/21/2022 20:00:00 UTC