These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifiers. A complete list of CVEs can be found at https://cve.mitre.org. Details about the vulnerability: Microsoft Windows IKE extensions support (RFC 5996) is not enabled by default in Windows Vista and later operating systems. This means that any device that connects to a remote IKE daemon in order to establish a secure connection must have this protocol enabled in order to communicate. By default, Windows Vista, Windows Server 2008, Windows 7, Windows 8, Windows 10, and Windows Server 2012, do not enable IKE extensions. As a result, IKE connection attempts are not permitted, resulting in a Denial of Service. An attacker can exploit this vulnerability by connecting to a remote IKE daemon and sending data that results in a Denial of Service. A successful exploit can result in remote code execution in the context of the victim. Microsoft has released software updates to address this vulnerability. For more information about this vulnerability, see Microsoft Security Bulletin MS17-011. Workarounds There are no workarounds at this time for this vulnerability. Microsoft has indicated that this issue is being tracked in the Microsoft Security Response Center (MSRC) under the umbrella number MS17-011.
As of January 8, 2017, Microsoft has released a Cumulative Update for Windows 10 version 1607 and Windows Server 2016 version 1607 that addresses this issue

Microsoft Windows Remote Desktop Services (RDS)

Microsoft has released a security update to address this vulnerability. For more information about this vulnerability, see Microsoft Security Bulletin MS17-011. Workarounds There are no workarounds at this time for this vulnerability. Microsoft has indicated that this issue is being tracked in the Microsoft Security Response Center (MSRC) under the umbrella number MS17-011.
As of January 8, 2017, Microsoft has released a Cumulative Update for Windows 10 version 1607 and Windows Server 2016 version 1607 that addresses this issue

Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2022-21843

These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifiers. A complete list of CVEs can be found at https://cve.mitre.org. Details about the vulnerability: Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2022-21843
An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability only affects systems running Windows Vista, Windows Server 2008, Windows 7, Windows 8, and Windows 10 operating systems that have installed Internet Explorer 11 or later versions and haven't disabled support for older Active Scripting languages such as VBScript in Internet Options. For more information about this vulnerability, see Microsoft Security Bulletin MS17-010

Microsoft Windows - Microsoft Edge

Windows 10 includes Microsoft Edge, a web browser that supports HTML5, CSS3 and JavaScript. With the release of Windows 10, Microsoft Edge has been updated to improve reliability, performance and security for consumers.

Timeline

Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC

References