CERTFR-2022-AVI-842
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Microsoft Dynamics CRM (on-premises) 9.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft Visio 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | N/A | Raw Image Extension | ||
| Microsoft | N/A | AV1 Video Extension | ||
| Microsoft | N/A | Microsoft Visio 2016 (édition 64 bits) | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Microsoft Visio 2016 (édition 32 bits) | ||
| Microsoft | N/A | Visual Studio 2022 pour Mac version 17.3 | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Mac | ||
| Microsoft | N/A | Microsoft Visio 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.9 (inclus 16.0 - 16.8) | ||
| Microsoft | N/A | Microsoft Dynamics CRM (on-premises) 9.1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics CRM (on-premises) 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Raw Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "AV1 Video Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2016 (\u00e9dition 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2016 (\u00e9dition 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio 2022 pour Mac version 17.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.9 (inclus 16.0 - 16.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics CRM (on-premises) 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-34700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34700"
},
{
"name": "CVE-2022-38019",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38019"
},
{
"name": "CVE-2022-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38020"
},
{
"name": "CVE-2022-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35828"
},
{
"name": "CVE-2022-35805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35805"
},
{
"name": "CVE-2022-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37963"
},
{
"name": "CVE-2022-38013",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38013"
},
{
"name": "CVE-2022-37962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37962"
},
{
"name": "CVE-2022-38011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38011"
},
{
"name": "CVE-2022-38010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38010"
}
],
"initial_release_date": "2022-09-20T00:00:00",
"last_revision_date": "2022-09-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-38019 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38019"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-38010 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-38013 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-38020 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38020"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-35805 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35805"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-34700 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34700"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-35828 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35828"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-37963 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37963"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-38011 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38011"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-37962 du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37962"
}
],
"reference": "CERTFR-2022-AVI-842",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service\net une ex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 septembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…