Microsoft – Patch Tuesday – CVE-2022-44676

Publication date:

A flaw in the Secure Socket Tunneling Protocol (SSTP) component of Microsoft Windows allows an attacker, by sending a specially crafted connection request to a RAS server, to execute arbitrary code on the system.

Information

The flaw is actively exploited: No

A patch exists: Yes

A workaround exists: No

Risks

Arbitrary code execution

Exploitation

The exploited vulnerability is of the type

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploitation details

  • Attack vector: Network.

  • Attack complexity: High.

  • Privileges required to carry out the attack: None.

  • Interaction from a user with access to the product required: No.

  • Exploiting the flaw yields elevated privileges: No.

Affected systems or components

Affected Microsoft products

 

    Microsoft Windows 7 SP1 x32
    Microsoft Windows 7 SP1 x64
    Microsoft Windows Server 2012
    Microsoft Windows 8.1 x32
    Microsoft Windows 8.1 x64
    Microsoft Windows Server 2012 R2
    Microsoft Windows RT 8.1
    Microsoft Windows 10 x32
    Microsoft Windows 10 x64
    Microsoft Windows Server 2016
    Microsoft Windows Server 2019
    Microsoft Windows 10 1809 for x64-based Systems
    Microsoft Windows 10 1809 for 32-bit Systems
    Microsoft Windows 10 1809 for ARM64-based Systems
    Microsoft Windows 10 1607 for 32-bit Systems
    Microsoft Windows 10 1607 for x64-based Systems
    Microsoft Windows 10 20H2 for 32-bit Systems
    Microsoft Windows 10 20H2 for ARM64-based Systems
    Microsoft Windows 10 20H2 for x64-based Systems
    Microsoft Windows Server (Server Core installation) 2019
    Microsoft Windows Server (Server Core installation) 20H2
    Microsoft Windows Server (Server Core installation) 2016
    Microsoft Windows Server (Server Core installation) 2012 R2
    Microsoft Windows Server (Server Core installation) 2012
    Microsoft Windows Server for X64-based systems 2008 R2 SP1
    Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
    Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
    Microsoft Windows Server for 32-bit systems 2008 SP2
    Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
    Microsoft Windows 10 21H1 for 32-bit Systems
    Microsoft Windows 10 21H1 for ARM64-based Systems
    Microsoft Windows 10 21H1 for x64-based Systems
    Microsoft Windows Server 2022
    Microsoft Windows Server (Server Core installation) 2022
    Microsoft Windows Server for X64-based systems 2008 SP2
    Microsoft Windows 11 x64
    Microsoft Windows 11 ARM64
    Microsoft Windows 10 21H2 for 32-bit Systems
    Microsoft Windows 10 21H2 for ARM64-based Systems
    Microsoft Windows 10 21H2 for x64-based Systems
    Microsoft Windows 11 22H2 for ARM64-based Systems
    Microsoft Windows 11 22H2 for x64-based Systems
    Microsoft Windows 10 22H2 for 32-bit Systems
    Microsoft Windows 10 22H2 for ARM64-based Systems
    Microsoft Windows 10 22H2 for x64-based Systems

 

Solutions or recommendations

Apply the following patches:

  • Windows Server 2022 Datacenter: Azure Edition : [KB5021249]
  • Windows Server 2022 : [KB5021249]
  • Windows Server 2019 : [KB5021237]
  • Windows Server 2016 : [KB5021235]
  • Windows Server 2012 R2 : [KB5021294][KB5021296]
  • Windows Server 2012 : [KB5021285][KB5021303]
  • Windows Server 2008 for x64-based Systems Service Pack 2 : [KB5021289][KB5021293]
  • Windows Server 2008 for 32-bit Systems Service Pack 2 : [KB5021289][KB5021293]
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 : [KB5021291][KB5021288]
  • Windows RT 8.1 : [KB5021294]
  • Windows 8.1 for x64-based systems : [KB5021294] [KB5021296]
  • Windows 8.1 for 32-bit systems : [KB5021294] [KB5021296]
  • Windows 7 for x64-based Systems Service Pack 1 : [KB5021291][KB5021288]
  • Windows 7 for 32-bit Systems Service Pack 1 : [KB5021291] [KB5021288]
  • Windows 11 for x64-based Systems : [KB5021234]
  • Windows 11 for ARM64-based Systems : [KB5021234]
  • Windows 11 Version 22H2 for x64-based Systems : [KB5021255]
  • Windows 11 Version 22H2 for ARM64-based Systems : [KB5021255]
  • Windows 10 for x64-based Systems : [KB5021243]
  • Windows 10 for 32-bit Systems : [KB5021243]
  • Windows 10 Version 22H2 for x64-based Systems : [KB5021233]
  • Windows 10 Version 22H2 for ARM64-based Systems : [KB5021233]
  • Windows 10 Version 22H2 for 32-bit Systems : [KB5021233]
  • Windows 10 Version 21H2 for x64-based Systems : [KB5021233]
  • Windows 10 Version 21H2 for ARM64-based Systems : [KB5021233]
  • Windows 10 Version 21H2 for 32-bit Systems : [KB5021233]
  • Windows 10 Version 21H1 for x64-based Systems : [KB5021233]
  • Windows 10 Version 21H1 for ARM64-based Systems : [KB5021233]
  • Windows 10 Version 21H1 for 32-bit Systems : [KB5021233]
  • Windows 10 Version 20H2 for x64-based Systems : [KB5021233]
  • Windows 10 Version 20H2 for ARM64-based Systems : [KB5021233]
  • Windows 10 Version 20H2 for 32-bit Systems : [KB5021233]
  • Windows 10 Version 1809 for x64-based Systems : [KB5021237]
  • Windows 10 Version 1809 for ARM64-based Systems : [KB5021237]
  • Windows 10 Version 1809 for 32-bit Systems : [KB5021237]
  • Windows 10 Version 1607 for x64-based Systems : [KB5021235]
  • Windows 10 Version 1607 for 32-bit Systems : [KB5021235]

Additional information is available here.