Test ID:	1.3.6.1.4.1.25623.1.0.817782
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Windows Multiple Vulnerabilities (KB5014748)
Summary:	This host is missing an important security; update according to Microsoft KB5014748
Description:	Summary: This host is missing an important security update according to Microsoft KB5014748 Vulnerability Insight: Multiple flaws exist due to: - An elevation of privilege vulnerability in Local Security Authority Subsystem Service. - A Remote Code Execution Vulnerability in Windows Hyper-V. - A Denial of Service Vulnerability in Windows Kernel. The flaw in the Microsoft Windows Support Diagnostic Tool (MSDT) and tracked via CVE-2022-30190 is dubbed 'Follina'. Please see the references for more information about the vulnerabilities. Vulnerability Impact: Successful exploitation will allow an attacker to elevate privileges, execute arbitrary commands, disclose information and conduct DoS attacks. Affected Software/OS: - Microsoft Windows 7 for 32-bit Systems Service Pack 1 - Microsoft Windows 7 for x64-based Systems Service Pack 1 - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-21123 Debian Security Information: DSA-5173 (Google Search) https://www.debian.org/security/2022/dsa-5173 Debian Security Information: DSA-5178 (Google Search) https://www.debian.org/security/2022/dsa-5178 Debian Security Information: DSA-5184 (Google Search) https://www.debian.org/security/2022/dsa-5184 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/ https://security.gentoo.org/glsa/202208-23 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html http://www.openwall.com/lists/oss-security/2022/06/16/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-21125 Common Vulnerability Exposure (CVE) ID: CVE-2022-21127 Common Vulnerability Exposure (CVE) ID: CVE-2022-21166 Common Vulnerability Exposure (CVE) ID: CVE-2022-30135 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30135 Common Vulnerability Exposure (CVE) ID: CVE-2022-30140 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30140 Common Vulnerability Exposure (CVE) ID: CVE-2022-30141 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30141 Common Vulnerability Exposure (CVE) ID: CVE-2022-30142 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30142 Common Vulnerability Exposure (CVE) ID: CVE-2022-30143 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30143 Common Vulnerability Exposure (CVE) ID: CVE-2022-30146 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30146 Common Vulnerability Exposure (CVE) ID: CVE-2022-30147 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30147 Common Vulnerability Exposure (CVE) ID: CVE-2022-30149 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30149 Common Vulnerability Exposure (CVE) ID: CVE-2022-30151 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30151 Common Vulnerability Exposure (CVE) ID: CVE-2022-30152 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30152 Common Vulnerability Exposure (CVE) ID: CVE-2022-30153 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30153 Common Vulnerability Exposure (CVE) ID: CVE-2022-30155 http://packetstormsecurity.com/files/167755/Windows-Kernel-nt-MiRelocateImage-Invalid-Read.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30155 Common Vulnerability Exposure (CVE) ID: CVE-2022-30160 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30160 Common Vulnerability Exposure (CVE) ID: CVE-2022-30161 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30161 Common Vulnerability Exposure (CVE) ID: CVE-2022-30163 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30163 Common Vulnerability Exposure (CVE) ID: CVE-2022-30166 http://packetstormsecurity.com/files/167754/Windows-LSA-Service-LsapGetClientInfo-Impersonation-Level-Check-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30166 Common Vulnerability Exposure (CVE) ID: CVE-2022-30190 http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.