Zero Day Initiative - The July 2025 Security Update Review
Briefly

Critical-rated vulnerabilities have been identified in Hyper-V, the Windows KDC Proxy Service, and the Windows Imaging Component. The Hyper-V bug can lead to code execution on the local system if a user is tricked into importing a crafted INF file. The KDC Proxy Service bug allows code execution by exploiting a cryptographic protocol flaw in the service, but it is difficult to leverage. The Imaging Component bug is an information disclosure that leaks heap memory, which makes its Critical rating questionable. Other notable vulnerabilities are in Office, the RRAS service, MPEG2, Intune (SQL injection), and SharePoint, with varied requirements for exploitation, including authenticated access.
The first Critical-rated bug, in Hyper-V, could allow an attacker to execute code on the local system if a user can be tricked into importing a crafted INF file. The vulnerability in the Windows KDC Proxy Service allows code execution if an attacker can leverage a flaw in the Kerberos Key Distribution Center Proxy Service; although it is a tempting target, exploiting it is a difficult task. A Critical-rated information disclosure bug in the Imaging Component leaks real heap memory, which raises questions about why it is rated Critical.
The remaining code execution bugs include several in Office, which are open-and-own vulnerabilities where the Preview Pane is not an attack vector. The RRAS service continues its monthly run of patches, with 14 bugs reported for July. Other notable findings include a vulnerability in MPEG2 and SQL injection bugs in Intune, both of which require authentication to exploit.
The SharePoint bug requires the attacker to be authenticated, specifically with permission to create sites. The Virtual Hard Disk (VHD) vulnerability relies on a user mounting a specially crafted VHD, an unlikely attack scenario. An RDP Client bug requires the victim to connect to a malicious RDP server, another uncommon situation for exploitation.
The bug in Windows Server Setup and Boot Event Collection requires elevated privileges, but it could be useful for maintaining access after an initial intrusion. A Miracast vulnerability requires that a user connect to a malicious Miracast sink and be running a non-default configuration to be at risk.
Read at Zero Day Initiative