{"vulnerability": "CVE-2022-4107", "sightings": [{"uuid": "e61829fb-9e05-4416-bdf9-d4d0fee91fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41073", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "c96f1802-d673-4e6c-8b1f-b6502dfbc342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41073", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971739", "content": "", "creation_timestamp": "2024-12-24T20:33:28.745486Z"}, {"uuid": "1c3ed47b-334a-48f0-a807-47237f9240b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-41073", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/2b7c56f8-d0e6-40cc-86b5-25b84373d912", "content": "", "creation_timestamp": "2026-02-02T12:27:09.699250Z"}, {"uuid": "f65b2a12-a257-4928-aa4f-e57c6a505d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41073", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:39.000000Z"}, {"uuid": "27de8b39-db34-4676-8442-3a4e06eb2561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-41073", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=913", "content": "", "creation_timestamp": "2022-11-09T04:00:00.000000Z"}, {"uuid": "86f26a9e-b3f2-4dde-a3bb-148ff0985c47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41073", "type": "seen", "source": "https://t.me/poxek/2604", "content": "CVE-2022-41073\n\nSimple File List Plugin &lt;= 3.2.4 - Unauthenticated Arbitrary File Download\n\n\u041f\u043b\u0430\u0433\u0438\u043d \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0440\u043e\u043b\u0435\u0439. \u041d\u043e \u0432 \u043d\u0435\u043c \u043d\u0435 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0440\u043e\u043b\u0438 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0430. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0445\u0430\u043a\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u0435 \u0441\u043f\u0438\u0441\u043a\u0430 \u0444\u0430\u0439\u043b\u043e\u0432, \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 Path Traversal.\n\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u043f\u0440\u043e\u0439\u0434\u044f \u043f\u043e 
\u043f\u0443\u0442\u0438\n\u0422\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f: No\n\n#CVE #POC", "creation_timestamp": "2022-12-08T07:17:40.000000Z"}, {"uuid": "47909089-c209-4f3e-81b8-3498d603b673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41073", "type": "published-proof-of-concept", "source": "https://t.me/alexmakus/4847", "content": "\u043d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 Patch Tuesday \u0443 Microsoft. 68 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 4 zero day\n\n-CVE-2022-41128, JScript9 RCE, via Google TAG\n-CVE-2022-41091, MOTW bypass\n-CVE-2022-41073, Print spooler EoP, via MSTIC\n-CVE-2022-41125, CNG EoP\n\nhttps://rawcdn.githack.com/campuscodi/Microsoft-Patch-Tuesday-Security-Reports/1a976afcf461b6f104d40601305e4c9773175f57/Reports/MSRC_CVEs2022-Nov.html", "creation_timestamp": "2022-11-08T20:27:53.000000Z"}, {"uuid": "454d1cdc-55cd-4ca2-825a-ba213b2fccc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41073", "type": "seen", "source": "https://t.me/arpsyndicate/1399", "content": "#ExploitObserverAlert\n\nCVE-2022-41073\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-41073. 
Windows Print Spooler Elevation of Privilege Vulnerability\n\nFIRST-EPSS: 0.003100000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-05T05:27:47.000000Z"}, {"uuid": "9cfe4dcf-2e5a-4995-9129-485cd155a74d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "Telegram/RFfwK1BBWd1yksqXOQORWmjVF_Swxhl7IKlxdVTfn7Fq5ds", "content": "", "creation_timestamp": "2023-02-02T06:34:32.000000Z"}, {"uuid": "e0da8765-d415-4330-927b-333cefdf1a66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41073", "type": "seen", "source": "https://t.me/netrunnerz/358", "content": "CVE-2022-41073\n\nSimple File List Plugin <= 3.2.4 - Unauthenticated Arbitrary File Download\n\n\u041f\u043b\u0430\u0433\u0438\u043d \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0440\u043e\u043b\u0435\u0439. \u041d\u043e \u0432 \u043d\u0435\u043c \u043d\u0435 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0440\u043e\u043b\u0438 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0430. 
\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0445\u0430\u043a\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u0435 \u0441\u043f\u0438\u0441\u043a\u0430 \u0444\u0430\u0439\u043b\u043e\u0432, \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 Path Traversal.\n\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u043f\u0440\u043e\u0439\u0434\u044f \u043f\u043e \u043f\u0443\u0442\u0438\n\u0422\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f: No\n\n#CVE #POC", "creation_timestamp": "2022-12-08T08:35:14.000000Z"}, {"uuid": "34506efa-ad72-425a-9dc7-c8d1657a1af5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "https://t.me/zero_day_uz/280", "content": "Microsoft Exchange: OWASSRF + TabShell \n(CVE-2022-41076)\n\nThe TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.\n\nFor a detailed write see research: \nhttps://blog.viettelcybersecurity.com/tabshell-owassrf/\n\nPoC: \nhttps://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e\n\n#owa #ssrf #tabshell #poc", "creation_timestamp": 
"2023-01-10T09:14:55.000000Z"}, {"uuid": "d7d98750-8e32-46df-a6e3-c140b2b2f3b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "Telegram/XbVANu0oDDLdSiNrK5AHO-lSfskiTXJSFLS2EPeeO7JcPLg", "content": "", "creation_timestamp": "2023-03-04T13:01:25.000000Z"}, {"uuid": "82eab591-5055-47f0-be06-3ff458103282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "Telegram/aUftZCBNqWFLmozew0JHAoVPxPg5BBbDzqvntHGXg8GYSLQ", "content": "", "creation_timestamp": "2023-03-15T18:13:05.000000Z"}, {"uuid": "8bed37e9-77f9-4f81-ae24-304cd2f6310e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1273", "content": "CVE-2022-41076\n\nThe OWASSRF + TabShell exploit chain\n\ntabshell_poc.ps1", "creation_timestamp": "2023-01-09T17:49:40.000000Z"}, {"uuid": "dc62bb8a-384c-48c1-aa9b-cf387c753356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "Telegram/QbDffPK45sEvY1NSFLkD1751HQ35mEkhQAE9dpzBuhFZsnw", "content": "", "creation_timestamp": "2023-02-01T17:27:05.000000Z"}, {"uuid": "0f833d55-6d33-42c8-b199-3f71ac55266a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "Telegram/oRsY88da6I73cGl-qCrSnHo-IYzCGX_3hpJxkVr1dviH7oQ", "content": "", "creation_timestamp": "2023-02-13T07:16:05.000000Z"}, {"uuid": 
"c09877c5-4944-4c31-b148-55c4e49d3379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41073", "type": "seen", "source": "https://t.me/true_secator/3680", "content": "\u041d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 Patch Tuesday \u043e\u0442 Microsoft \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 68 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Windows, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 6 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 0-day.\n\n\u0421\u0440\u0435\u0434\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445: 12 \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, 2 -\u0441 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0438 55 - \u0432\u0430\u0436\u043d\u044b\u0435.\n\n\u041f\u043e \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u044f\u043c: 27 - \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, 4 - \u043e\u0431\u0445\u043e\u0434 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 16 - RCE, 11 - \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 6 - DoS, 3 - \u0441\u043f\u0443\u0444\u0438\u043d\u0433.\n\n\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0438\u0437\u044e\u043c\u0438\u043d\u043a\u0430 \u043f\u0430\u0442\u0447\u0430 - \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0432\u0443\u0445 CVE \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Exchange 
Server, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043a\u0430\u043a ProxyNotShell.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u0436\u0435, \u0441\u043f\u0438\u0441\u043e\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 0-day \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c:\n\n- CVE-2022-41128: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u044f\u0437\u044b\u043a\u0430\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 Windows, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u041a\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u043c \u041b\u0435\u0441\u0438\u043d\u0435\u043c \u0438\u0437 \u0433\u0440\u0443\u043f\u043f\u044b \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0433\u0440\u043e\u0437 Google. \u0411\u0430\u0433\u0430 \u0442\u0440\u0435\u0431\u0443\u0435\u0442, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 Windows \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443.\n\n- CVE-2022-41091: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows Mark of the Web Security Bypass. 
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u0443 MOTW, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0442\u044b \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0432 Microsoft Office. \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u0432\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 Mark of the Web, \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0423\u0438\u043b\u043b\u043e\u043c \u0414\u043e\u0440\u043c\u0430\u043d\u043d\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b, \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 Zip-\u0444\u0430\u0439\u043b \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Windows.\n\n- CVE-2022-41073: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430 \u043e\u0447\u0435\u0440\u0435\u0434\u0438 \u043f\u0435\u0447\u0430\u0442\u0438 Windows, 
\u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0430\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0446\u0435\u043d\u0442\u0440\u043e\u043c Microsoft Threat Intelligence Center (MSTIC). \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438.\n\n- CVE-2022-41125: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u044b \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438 \u043a\u043b\u044e\u0447\u0435\u0439 Windows CNG, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 Microsoft Threat Intelligence Center (MSTIC) \u0438 Microsoft Security Response Center (MSRC).\n\n- CVE-2022-41040: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Microsoft Exchange Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0430\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 GTSC \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0432 
\u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b Zero Dat. \u041f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u0431\u0443\u0434\u0443\u0442 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u0432 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c PowerShell \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n- CVE-2022-41082: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 GTSC \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b Zero Dat. 
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043c\u043e\u0436\u0435\u0442 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u0421\u0440\u0435\u0434\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u043e\u043c \u043f\u0430\u0442\u0447\u0435, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0442\u043e\u0438\u0442 \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u2014 \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows\u00a0Kerberos (CVE-2022-37967),\u00a0Kerberos RC4-HMAC (CVE-2022-37966) \u0438 Microsoft Exchange Server (CVE-2022-41080) \u0438 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0439 Windows Hyper-V (CVE-2022-38015).\n\n\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u044d\u0442\u0438\u043c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c, 
\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0440\u044f\u0434 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0442\u043e\u0447\u043a\u0430-\u0442\u043e\u0447\u043a\u0430 (PPTP), Microsoft Excel, Word, \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 ODBC, Office Graphics, SharePoint Server, JScript9, Chakra \u0438 Visual Studio, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u044f\u0434 \u043e\u0448\u0438\u0431\u043e\u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Win32k, Overlay Filter \u0438 Group Policy.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0432 Patch Tuesday \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0437\u0434\u0435\u0441\u044c.", "creation_timestamp": "2022-11-09T14:40:05.000000Z"}, {"uuid": "fc6be123-521d-41cf-a442-c0e3ee3998c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "Telegram/u5npDIsaLJQK3m-zwd1mmkUUDg-h3-iQOw8rZU83WOV2NLE", "content": "", "creation_timestamp": "2023-01-09T23:20:19.000000Z"}, {"uuid": 
"6212e805-ff2e-4ea4-9bdf-06f97b7ffb87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "https://t.me/professional_c_h/1888", "content": "\u2b55\ufe0fMicrosoft Exchange: OWASSRF + TabShell \n(CVE-2022-41076)\n\nThe TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.\n\nFor a detailed write see research: \nhttps://blog.viettelcybersecurity.com/tabshell-owassrf/\n\nPoC: \nhttps://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e\n\n#owa #ssrf #tabshell #poc\n\nChannels :\n@Professional_c_h\n@Card_Crack_Hack", "creation_timestamp": "2023-01-28T21:44:02.000000Z"}, {"uuid": "53adcc59-9d50-4760-898a-98f846f10ec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1297", "content": "Exchange CVE-2022-41076 Privilege Escalation (OWASSRF + TabShell)\n\nPoC: https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e\n\u0421\u0442\u0430\u0442\u044c\u044f: https://blog.viettelcybersecurity.com/tabshell-owassrf/\n\u0412\u0438\u0434\u0435\u043e: https://www.youtube.com/watch?v=yzvLDo3cLYU\n\n#exploit #lpe #redteam #blueteam #report #pentest", "creation_timestamp": "2023-01-09T13:51:54.000000Z"}, {"uuid": "dcf351ad-512a-4a48-b515-df0c0ce71e4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41079", "type": "seen", "source": "https://t.me/cibsecurity/52777", "content": "\u203c CVE-2022-41079 \u203c\n\nMicrosoft Exchange Server Spoofing Vulnerability. 
This CVE ID is unique from CVE-2022-41078.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T00:49:22.000000Z"}, {"uuid": "39997f7c-9002-4c0e-ad13-f6249e5c8a35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41078", "type": "seen", "source": "https://t.me/cibsecurity/52777", "content": "\u203c CVE-2022-41079 \u203c\n\nMicrosoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T00:49:22.000000Z"}, {"uuid": "6246aefe-0736-47ad-8b0f-31168244c5d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4107", "type": "seen", "source": "https://t.me/cibsecurity/54865", "content": "\u203c CVE-2022-4107 \u203c\n\nThe SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T16:10:40.000000Z"}, {"uuid": "e3566d6b-4161-46e6-a629-1e552f7823e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41076", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7503", "content": "#exploit\n1. CVE-2022-41076:\nThe OWASSRF + TabShell exploit chain\nhttps://blog.viettelcybersecurity.com/tabshell-owassrf\n]-> https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e\n\n2. 
CVE-2022-3515/CVE-2022-47629:\nInteger overflow bug Libksba\u00a0library (x.509)\nhttps://github.com/elttam/publications/blob/master/writeups/CVE-2022-47629.md \n\n3. CVE-2022-44877:\nCentos Web Panel 7 Unauthenticated RCE\nhttps://github.com/numanturle/CVE-2022-44877", "creation_timestamp": "2023-01-10T05:13:06.000000Z"}]}