NULL pointer dereference in Microsoft products - CVE-2022-44697
Published: December 13, 2022 / Updated: April 25, 2023
Vulnerability identifier: #VU70163
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-44697
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Windows
Windows Server
Remote Desktop client for Windows Desktop
Windows
Windows Server
Remote Desktop client for Windows Desktop
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the win32kfull driver. A local user can run a specially crafted program and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.
External links
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44697
- https://www.zerodayinitiative.com/advisories/ZDI-22-1675/
- https://www.zerodayinitiative.com/advisories/ZDI-23-476/
- https://www.zerodayinitiative.com/advisories/ZDI-23-475/
- https://www.zerodayinitiative.com/advisories/ZDI-23-474/
- https://www.zerodayinitiative.com/advisories/ZDI-23-473/
- https://www.zerodayinitiative.com/advisories/ZDI-23-472/
- https://www.zerodayinitiative.com/advisories/ZDI-23-471/
- https://www.zerodayinitiative.com/advisories/ZDI-23-470/
- https://www.zerodayinitiative.com/advisories/ZDI-23-469/
- https://www.zerodayinitiative.com/advisories/ZDI-23-468/
- https://www.zerodayinitiative.com/advisories/ZDI-23-467/
- https://www.zerodayinitiative.com/advisories/ZDI-23-466/
- https://www.zerodayinitiative.com/advisories/ZDI-23-465/
- https://www.zerodayinitiative.com/advisories/ZDI-23-464/
- https://www.zerodayinitiative.com/advisories/ZDI-23-463/