Main Vulnerability Database Vulnerabilities #VU70161

#VU70161 Security features bypass in Windows and Windows Server - CVE-2022-44698

Published: December 13, 2022

Vulnerability identifier: #VU70161

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2022-44698

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in Windows SmartScreen. A remote attacker can bypass Mark of the Web (MOTW) defenses and potentially compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44698

#VU70161 Security features bypass in Windows and Windows Server - CVE-2022-44698

Description

Remediation

External links

Please verify you're human