Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2022-33679 CVE-2022-33647 |
CWE-ID | CWE-264 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
Windows Server Operating systems & Components / Operating system |
Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU67274
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-33679
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Kerberos. A remote attacker can perform a man-in-the-middle attack, leading to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: 2003 - 2022 20H2
Fixed software versionsCPE2.3 External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33679
http://bugs.chromium.org/p/project-zero/issues/detail?id=2310
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU67276
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-33647
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Kerberos. A remote attacker can perform a man-in-the-middle attack, leading to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: 2003 - 2022 20H2
Fixed software versionsCPE2.3 External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33647
http://bugs.chromium.org/p/project-zero/issues/detail?id=2310
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?