CVEs of MS Exchange Server and Windows were added in Known Exploited Vulnerabilities Catalog on 09.30, 10.11
CVE-2022-41082 Microsoft Exchange Server
Microsoft Exchange Server Remote Code Execution VulnerabilityAdded in K.E.V. Catalog on 2022-09-30
Microsoft Exchange Server contains an unspecified vulnerability which allows for authenticated remote code execution.
Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.
Microsoft Exchange Server には、認証されたリモートでのコード実行を可能にする未指定の脆弱性が 存在します。 "ProxyNotShell" と呼ばれるこの脆弱性は、リモートでコードを実行できる CVE-2022-41040 と連鎖する可能性があります。
Apply updates per vendor instructions by 2022-10-21.
2022-10-21 までに、ベンダーの指示に従い、アップデートを適用してください。
https://msrc-blog.microsoft.
CVE-2022-41040 Microsoft Exchange Server
Microsoft Exchange Server Server-Side Request Forgery Vulnerability
Added in K.E.V. Catalog on 2022-09-30
Microsoft Exchange Server allows for server-side request forgery.
Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
CVE-2022-41040 Microsoft Exchange Server
Microsoft Exchange Server Server-Side Request Forgery VulnerabilityAdded in K.E.V. Catalog on 2022-09-30
Microsoft Exchange Server allows for server-side request forgery.
Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
Microsoft Exchange Server は、サーバーサイドリクエストフォージェリーの可能性があります。
"ProxyNotShell" と呼ばれるこの脆弱性は、リモートでコードを実行できるCVE-2022-41082と連鎖します。
Apply updates per vendor instructions by 2022-10-21.
https://msrc-blog.microsoft.
Added in K.E.V. Catalog on 2022-10-11
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
https://msrc-blog.microsoft.
CVE-2022-41033 Microsoft Windows COM+ Event System Service
Microsoft Windows COM+ Event System Service Privilege Escalation VulnerabilityAdded in K.E.V. Catalog on 2022-10-11
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Windows COM+ Event System Service には、権限昇格の可能性がある未確認の脆弱性が存在します。
Apply updates per vendor instructions by 2022-11-01.
https://msrc.microsoft.com/
https://msrc.microsoft.com/
No comments:
Post a Comment