Details of VAR-202208-0633

ID

VAR-202208-0633

CVE

CVE-2022-35750

TITLE

plural Microsoft Windows Elevated privilege vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2022-005717

DESCRIPTION

Win32k Elevation of Privilege Vulnerability. plural Microsoft Windows The product has Win32k There is a vulnerability that elevates privileges due to a flaw in.You may be elevated. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the cdd.dll driver. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Microsoft Windows Canonical Display是美国微软（Microsoft）公司的一个为GDI图形提供渲染的支撑程序. Microsoft Windows Canonical Display Driver存在安全漏洞。以下产品和版本受到影响：Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows Server 2022 (Server Core installation),Windows Server 2022,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems

Trust: 3.42

sources: NVD: CVE-2022-35750 // JVNDB: JVNDB-2022-005717 // ZDI: ZDI-22-1075 // ZDI: ZDI-22-1069 // CNNVD: CNNVD-202208-2533

AFFECTED PRODUCTS

vendor:	microsoft	model:	windows	scope:	-	version:	-	Trust: 1.4
vendor:	microsoft	model:	windows 10 1607	scope:	lt	version:	10.0.14393.5291	Trust: 1.0
vendor:	microsoft	model:	windows 7	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2022	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows 10 1809	scope:	lt	version:	10.0.17763.3287	Trust: 1.0
vendor:	microsoft	model:	windows server 20h2	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows 11 21h2	scope:	lt	version:	10.0.22000.856	Trust: 1.0
vendor:	microsoft	model:	windows 8.1	scope:	lt	version:	6.3.9600.20520	Trust: 1.0
vendor:	microsoft	model:	windows rt 8.1	scope:	lt	version:	6.3.9600.20520	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	r2	Trust: 1.0
vendor:	microsoft	model:	windows 10 1507	scope:	lt	version:	10.0.10240.19387	Trust: 1.0
vendor:	microsoft	model:	windows server 2016	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	r2	Trust: 1.0
vendor:	microsoft	model:	windows server 2019	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows 10 20h2	scope:	lt	version:	10.0.19042.1889	Trust: 1.0
vendor:	microsoft	model:	windows 10 21h1	scope:	lt	version:	10.0.19043.1889	Trust: 1.0
vendor:	マイクロソフト	model:	microsoft windows server 2016	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 r2 for x64-based systems sp1	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2008	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	20h2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012 r2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2022 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for 32-bit systems sp2	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2022	scope:	eq	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 r2 for x64-based systems sp1 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 7	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for x64-based systems sp2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012 r2	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2012	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2016 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 8.1	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2022	scope:	eq	version:	(server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2019 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for 32-bit systems sp2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2019	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2022	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 10	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows rt 8.1	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2019	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2016	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for x64-based systems sp2	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 11	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012 (server core installation)	Trust: 0.8

sources: ZDI: ZDI-22-1075 // ZDI: ZDI-22-1069 // JVNDB: JVNDB-2022-005717 // NVD: CVE-2022-35750

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2022-35750
value:	HIGH
Trust: 1.4
secure@microsoft.com:	CVE-2022-35750
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-005717
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-2533
value:	HIGH
Trust: 0.6

ZDI:	CVE-2022-35750
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.0
Trust: 1.4
secure@microsoft.com:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2022-005717
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: ZDI: ZDI-22-1075 // ZDI: ZDI-22-1069 // JVNDB: JVNDB-2022-005717 // NVD: CVE-2022-35750 // CNNVD: CNNVD-202208-2533

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-005717 // NVD: CVE-2022-35750

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-2533

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2533

CONFIGURATIONS

sources: NVD: CVE-2022-35750

PATCH

title:	Microsoft has issued an update to correct this vulnerability.	url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-35750	Trust: 1.4
title:	Win32k Elevation of Privilege Vulnerability Security Update Guide	url:	https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2022-35750	Trust: 0.8
title:	Microsoft Windows Canonical Display Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqbyid.tag?id=239743	Trust: 0.6
title:	Securelist	url:	https://securelist.com/it-threat-evolution-in-q3-2022-non-mobile-statistics/107963/	Trust: 0.1

sources: ZDI: ZDI-22-1075 // ZDI: ZDI-22-1069 // VULMON: CVE-2022-35750 // JVNDB: JVNDB-2022-005717 // CNNVD: CNNVD-202208-2533

EXTERNAL IDS

db:	NVD	id:	CVE-2022-35750	Trust: 4.7
db:	JVNDB	id:	JVNDB-2022-005717	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-17679	Trust: 0.7
db:	ZDI	id:	ZDI-22-1075	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-17441	Trust: 0.7
db:	ZDI	id:	ZDI-22-1069	Trust: 0.7
db:	CNNVD	id:	CNNVD-202208-2533	Trust: 0.6
db:	VULMON	id:	CVE-2022-35750	Trust: 0.1

sources: ZDI: ZDI-22-1075 // ZDI: ZDI-22-1069 // VULMON: CVE-2022-35750 // JVNDB: JVNDB-2022-005717 // NVD: CVE-2022-35750 // CNNVD: CNNVD-202208-2533

REFERENCES

url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-35750	Trust: 3.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-35750	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20220810-ms.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2022/at220021.html	Trust: 0.8
url:	https://vigilance.fr/vulnerability/microsoft-windows-vulnerabilities-of-august-2022-39030	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-35750/	Trust: 0.6
url:	https://securelist.com/it-threat-evolution-in-q3-2022-non-mobile-statistics/107963/	Trust: 0.1

sources: ZDI: ZDI-22-1075 // ZDI: ZDI-22-1069 // VULMON: CVE-2022-35750 // JVNDB: JVNDB-2022-005717 // NVD: CVE-2022-35750 // CNNVD: CNNVD-202208-2533

CREDITS

Marcin Wiazowski

Trust: 1.4

sources: ZDI: ZDI-22-1075 // ZDI: ZDI-22-1069

SOURCES

db:	ZDI	id:	ZDI-22-1075
db:	ZDI	id:	ZDI-22-1069
db:	VULMON	id:	CVE-2022-35750
db:	JVNDB	id:	JVNDB-2022-005717
db:	NVD	id:	CVE-2022-35750
db:	CNNVD	id:	CNNVD-202208-2533

LAST UPDATE DATE

2023-12-18T13:00:39.657000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-1075	date:	2022-08-18T00:00:00
db:	ZDI	id:	ZDI-22-1069	date:	2022-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-005717	date:	2023-06-09T04:50:00
db:	NVD	id:	CVE-2022-35750	date:	2023-06-07T20:54:17.420
db:	CNNVD	id:	CNNVD-202208-2533	date:	2023-06-08T00:00:00

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-1075	date:	2022-08-18T00:00:00
db:	ZDI	id:	ZDI-22-1069	date:	2022-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-005717	date:	2023-06-09T00:00:00
db:	NVD	id:	CVE-2022-35750	date:	2023-05-31T19:15:16.677
db:	CNNVD	id:	CNNVD-202208-2533	date:	2022-08-09T00:00:00