BDU:2022-06666
Scores
EPSS
Percentile: 0.0%
CVSS
CVSS Score: 7.5/10
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector Breakdown
The CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about the vulnerability's characteristics
CVSS
Attack Vector
Network (N)
Describes how the vulnerability is exploited
Attack Complexity
High (H)
Describes the conditions beyond the attacker's control
Privileges Required
None (N)
Describes the level of privileges an attacker must possess
User Interaction
Required (R)
Captures the requirement for participation by a human user
Scope
Unchanged (U)
Determines if a successful attack impacts components beyond the vulnerable component
Confidentiality Impact
High (H)
Measures the impact to the confidentiality of information
Integrity Impact
High (H)
Measures the impact to integrity of a successfully exploited vulnerability
Availability Impact
High (H)
Measures the impact to the availability of the impacted component
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Vector Breakdown
CVSS
Attack Vector
Network (N)
Describes how the vulnerability is exploited
Attack Complexity
High (H)
Describes the conditions beyond the attacker's control
Authentication
None (N)
Describes the level of privileges an attacker must possess
Confidentiality Impact
Complete
Measures the impact to the confidentiality of information
Integrity Impact
Complete
Measures the impact to integrity of a successfully exploited vulnerability
Availability Impact
Complete
Measures the impact to the availability of the impacted component
Description
A vulnerability in the Kerberos protocol implementation of Windows operating systems is related to privilege management errors. Exploitation of the vulnerability may allow a remote attacker to elevate their privileges.
Sources
Related Vulnerabilities
Exploits
Exploit ID: CVE-2022-33679
Source: github-poc
Recommendations
Source: bdu
Install updates from trusted sources.
In view of the current situation and the sanctions imposed against the Russian Federation, it is recommended to install software updates only after assessing all associated risks.
Compensating measures:
- for Windows Server 2012 and later versions, applying Flexible Authentication Secure Tunneling (FAST) will prevent exploitation of the vulnerability;
- disable the "Do not require Kerberos preauthentication" option.
Follow the vendor's recommendations:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33679
Vulnerable Software (90)
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2008
Operating System: * *
{ "version_exact": "service pack 2"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2008
Operating System: * *
{ "version_exact": "r2 service pack 1"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2008
Operating System: * *
{ "version_exact": "service pack 2 (server core installation)"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2008
Operating System: * *
{ "version_exact": "r2 service pack 1 (server core installation)"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2012
Operating System: * *
{ "version_exact": "*"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2012
Operating System: * *
{ "version_exact": "r2"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2012
Operating System: * *
{ "version_exact": "r2 (server core installation)"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2012
Operating System: * *
{ "version_exact": "(server core installation)"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2016
Operating System: * *
{ "version_exact": "*"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2016
Operating System: * *
{ "version_exact": "(server core installation)"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2019
Operating System: * *
{ "version_exact": "*"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2019
Operating System: * *
{ "version_exact": "(server core installation)"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2022
Operating System: * *
{ "version_exact": "datacenter: azure edition"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2022
Operating System: * *
{ "version_exact": "*"}
Source: bdu
Type: Configuration
Vendor: microsoft corp
Product: windows_server_2022
Operating System: * *
{ "version_exact": "(server core installation)"}
Source: bdu
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2031
Operating System: Windows 20348 build 2031
Identifier: KB5031364
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 10.0.20348.916
Operating System: Windows 20348 build 916
Identifier: KB5017392
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4052
Operating System: Windows 20348 build 4052
Identifier: KB5063880
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3692
Operating System: Windows 20348 build 3692
Identifier: KB5058385
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3695
Operating System: Windows 20348 build 3695
Identifier: KB5061906
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3807
Operating System: Windows 20348 build 3807
Identifier: KB5060526
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3453
Operating System: Windows 20348 build 3453
Identifier: KB5055526
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3561
Operating System: Windows 20348 build 3561
Identifier: KB5058920
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3566
Operating System: Windows 20348 build 3566
Identifier: KB5059092
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3207
Operating System: Windows 20348 build 3207
Identifier: KB5051979
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3328
Operating System: Windows 20348 build 3328
Identifier: KB5053603
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3091
Operating System: Windows 20348 build 3091
Identifier: KB5049983
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3095
Operating System: Windows 20348 build 3095
Identifier: KB5052819
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2966
Operating System: Windows 20348 build 2966
Identifier: KB5048654
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2849
Operating System: Windows 20348 build 2849
Identifier: KB5046616
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2762
Operating System: Windows 20348 build 2762
Identifier: KB5044281
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Operating System: Windows
Identifier: KB5047767
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2700
Operating System: Windows 20348 build 2700
Identifier: KB5042881
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2582
Operating System: Windows 20348 build 2582
Identifier: KB5040437
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2655
Operating System: Windows 20348 build 2655
Identifier: KB5041160
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2527
Operating System: Windows 20348 build 2527
Identifier: KB5039227
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2529
Operating System: Windows 20348 build 2529
Identifier: KB5041054
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2461
Operating System: Windows 20348 build 2461
Identifier: KB5037782
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2402
Operating System: Windows 20348 build 2402
Identifier: KB5036909
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2340
Operating System: Windows 20348 build 2340
Identifier: KB5035857
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2342
Operating System: Windows 20348 build 2342
Identifier: KB5037422
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2113
Operating System: Windows 20348 build 2113
Identifier: KB5032198
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2159
Operating System: Windows 20348 build 2159
Identifier: KB5033118
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2322
Operating System: Windows 20348 build 2322
Identifier: KB5034770
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.2227
Operating System: Windows 20348 build 2227
Identifier: KB5034129
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4171
Operating System: Windows 20348 build 4171
Identifier: KB5065432
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1970
Operating System: Windows 20348 build 1970
Identifier: KB5030216
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1906
Operating System: Windows 20348 build 1906
Identifier: KB5029250
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1850
Operating System: Windows 20348 build 1850
Identifier: KB5028171
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1787
Operating System: Windows 20348 build 1787
Identifier: KB5027225
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1726
Operating System: Windows 20348 build 1726
Identifier: KB5026370
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1668
Operating System: Windows 20348 build 1668
Identifier: KB5025230
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1487
Operating System: Windows 20348 build 1487
Identifier: KB5022291
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1607
Operating System: Windows 20348 build 1607
Identifier: KB5023705
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1547
Operating System: Windows 20348 build 1547
Identifier: KB5022842
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1249
Operating System: Windows 20348 build 1249
Identifier: KB5019081
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1366
Operating System: Windows 20348 build 1366
Identifier: KB5021249
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1251
Operating System: Windows 20348 build 1251
Identifier: KB5021656
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1311
Operating System: Windows 20348 build 1311
Identifier: KB5020032
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1368
Operating System: Windows 20348 build 1368
Identifier: KB5022553
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.3.9600.20571
Operating System: Windows 9600 build 20571
Identifier: KB5017365
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.2.9200.23865
Operating System: Windows 9200 build 23865
Identifier: KB5017377
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 14393.5356
Operating System: Windows 14393 build 5356
Identifier: KB5017305
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4893
Operating System: Windows 20348 build 4893
Identifier: KB5078766
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4773
Operating System: Windows 20348 build 4773
Identifier: KB5075906
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4776
Operating System: Windows 20348 build 4776
Identifier: KB5082314
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4648
Operating System: Windows 20348 build 4648
Identifier: KB5073457
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4650
Operating System: Windows 20348 build 4650
Identifier: KB5077800
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4651
Operating System: Windows 20348 build 4651
Identifier: KB5078136
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4529
Operating System: Windows 20348 build 4529
Identifier: KB5071547
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4294
Operating System: Windows 20348 build 4294
Identifier: KB5066782
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4405
Operating System: Windows 20348 build 4405
Identifier: KB5068787
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.4297
Operating System: Windows 20348 build 4297
Identifier: KB5070884
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.3.9600.20625
Operating System: Windows 9600 build 20625
Identifier: KB5018474
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.2.9200.23920
Operating System: Windows 9200 build 23920
Identifier: KB5018457
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.1.7601.26174
Operating System: Windows 7601 build 26174
Identifier: KB5018454
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1129
Operating System: Windows 20348 build 1129
Identifier: KB5018421
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1194
Operating System: Windows 20348 build 1194
Identifier: KB5018485
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1131
Operating System: Windows 20348 build 1131
Identifier: KB5020436
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.0.6003.21721
Operating System: Windows 6003 build 21721
Identifier: KB5018450
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.3.9600.20571
Operating System: Windows 9600 build 20571
Identifier: KB5017367
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.2.9200.23865
Operating System: Windows 9200 build 23865
Identifier: KB5017370
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.1.7601.26115
Operating System: Windows 7601 build 26115
Identifier: KB5017361
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.0.6003.21666
Operating System: Windows 6003 build 21666
Identifier: KB5017358
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1006
Operating System: Windows 20348 build 1006
Identifier: KB5017316
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.1070
Operating System: Windows 20348 build 1070
Identifier: KB5017381
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.0.6003.21666
Operating System: Windows 6003 build 21666
Identifier: KB5017371
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 6.1.7601.26115
Operating System: Windows 7601 build 26115
Identifier: KB5017373
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 17763.3406
Operating System: Windows 17763 build 3406
Identifier: KB5017315
Source: msrc
Type: Windows KB
Vendor: Microsoft
Product: Windows
Version: 20348.3932
Operating System: Windows 20348 build 3932
Identifier: KB5062572
Source: msrc