CNVD-2022-70058

Vulnerability from cnvd - Published: 2022-10-20
VLAI Severity ?
Title
Microsoft Windows Push Notifications权限提升漏洞
Description
Microsoft Windows Push Notifications是美国微软(Microsoft)公司的一个推送通知服务。它提供了一种可靠的方式提供新的更新。 Microsoft Windows Push Notifications存在权限提升漏洞。该漏洞源于网络系统或产品在运行过程中,并发代码需要互斥地访问共享资源时,对于并发访问的处理不当。攻击者可利用此漏洞导致权限提升。
Severity
Patch Name
Microsoft Windows Push Notifications权限提升漏洞的补丁
Patch Description
Microsoft Windows Push Notifications是美国微软(Microsoft)公司的一个推送通知服务。它提供了一种可靠的方式提供新的更新。 Microsoft Windows Push Notifications存在权限提升漏洞。该漏洞源于网络系统或产品在运行过程中,并发代码需要互斥地访问共享资源时,对于并发访问的处理不当。攻击者可利用此漏洞导致权限提升。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29125

Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-29125
Impacted products
Name
['Microsoft Windows 10 1809', 'Microsoft Windows 10 1909', 'Microsoft Windows 10 21H1', 'Microsoft Windows 10 20H2', 'Microsoft Windows 10 21H2', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2019', 'Microsoft Windows Server 2012', 'Microsoft Windows Server 2016', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows 8.1', 'Microsoft Windows Server 2022', 'Microsoft Windows 11', 'Microsoft Windows Server 20H2']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-29125",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-29125"
    }
  },
  "description": "Microsoft Windows Push Notifications\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u63a8\u9001\u901a\u77e5\u670d\u52a1\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u79cd\u53ef\u9760\u7684\u65b9\u5f0f\u63d0\u4f9b\u65b0\u7684\u66f4\u65b0\u3002\n\nMicrosoft Windows Push Notifications\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\uff0c\u5e76\u53d1\u4ee3\u7801\u9700\u8981\u4e92\u65a5\u5730\u8bbf\u95ee\u5171\u4eab\u8d44\u6e90\u65f6\uff0c\u5bf9\u4e8e\u5e76\u53d1\u8bbf\u95ee\u7684\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u6743\u9650\u63d0\u5347\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29125",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-70058",
  "openTime": "2022-10-20",
  "patchDescription": "Microsoft Windows Push Notifications\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u63a8\u9001\u901a\u77e5\u670d\u52a1\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u79cd\u53ef\u9760\u7684\u65b9\u5f0f\u63d0\u4f9b\u65b0\u7684\u66f4\u65b0\u3002\r\n\r\nMicrosoft Windows Push Notifications\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\uff0c\u5e76\u53d1\u4ee3\u7801\u9700\u8981\u4e92\u65a5\u5730\u8bbf\u95ee\u5171\u4eab\u8d44\u6e90\u65f6\uff0c\u5bf9\u4e8e\u5e76\u53d1\u8bbf\u95ee\u7684\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Push Notifications\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows 10 1809",
      "Microsoft Windows 10 1909",
      "Microsoft Windows 10 21H1",
      "Microsoft Windows 10 20H2",
      "Microsoft Windows 10 21H2",
      "Microsoft Windows 10 1607",
      "Microsoft Windows Server 2019",
      "Microsoft Windows Server 2012",
      "Microsoft Windows Server 2016",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows RT 8.1 SP0",
      "Microsoft Windows 8.1",
      "Microsoft Windows Server 2022",
      "Microsoft Windows 11",
      "Microsoft Windows Server 20H2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-29125",
  "serverity": "\u4e2d",
  "submitTime": "2022-05-12",
  "title": "Microsoft Windows Push Notifications\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.