This issue allows a remote attacker to execute code on affected systems as a user with the “Install and activate programs” permission. This issue is rated as Critical due to the possibility of remote code execution. These vulnerabilities have been assigned the CVE IDs CVE-2022-41046 and CVE-2022-41100.
This issue only affects Windows 7, Windows 8, Windows Server 2012, and Windows Server 2012 R2. Microsoft released updates to address this issue for these versions of Windows. These updates are listed in the table below. To determine if you are running one of these versions, follow the instructions for checking the version of Windows that is installed on your computer.
Windows 7
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows 7 Service Pack 1 (SP1)
Windows Server 2008 R2 SP1
Windows Server 2012 Service Pack 1 (SP1)
Windows Server 2012 R2 Service Pack 1 (SP1)
In addition, Microsoft has provided a complete list of issues that are addressed by these updates at the following link: https://support.microsoft.com/en-us/kb/3119143
Microsoft provided updates to address 28 CVEs listed in this bulletin
This bulletin is also applicable to Windows 8.1, Windows 10, and Windows Server 2016. For more information about the updates from Microsoft for these operating systems, see Microsoft Knowledge Base Article 3102859: https://support.microsoft.com/en-us/kb/3102859
How to determine if you are running an affected version of Windows
To determine which version of Windows is installed on your computer, follow the instructions at this link:
https://support.microsoft.com/en-us/kb/3119143
Microsoft has issued the following updates to address CVE-2022-41046 and CVE-2022-41100:
KB 3138286 KB 3206632 KB 3212372
Check the version of Windows that is installed on your computer
1. Check the Windows version installed on your computer
2. Use the instructions below to determine if you are running a vulnerable operating system
Microsoft has confirmed this issue and is not aware of further attacks
To help protect customers, Microsoft has confirmed this issue and is not aware of any further attacks.
Timeline
Published on: 11/09/2022 22:15:00 UTC
Last modified on: 11/10/2022 00:33:00 UTC