Skip to main content

Microsoft Windows TCP/IP Remote Code Execution Vulnerability

Proof-of-concept has been released for CVE-2022-34718, a vulnerability that could allow an unauthenticated, remote attacker to execute code with elevated privileges on affected systems without user interaction

Threat ID:
CC-4165
Threat Severity:
High
Published:
14 September 2022 12:29 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Proof-of-concept has been released for CVE-2022-34718, a vulnerability that could allow an unauthenticated, remote attacker to execute code with elevated privileges on affected systems without user interaction

Affected platforms

The following platforms are known to be affected:

Microsoft Windows Server

  • Windows Server 2022 (Server Core installation and Azure Edition Core Hotpatch)
  • Windows Server 2022
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2

Microsoft Windows

  • Windows 11 for x64-based Systems                                                     
  • Windows 11 for ARM64-based Systems                                                     
  • Windows 10 Version 21H2 for x64-based Systems                                                     
  • Windows 10 Version 21H2 for ARM64-based Systems                                                        
  • Windows 10 Version 21H2 for 32-bit Systems                                                     
  • Windows 10 Version 21H1 for x64-based Systems                                                     
  • Windows 10 Version 21H1 for ARM64-based Systems                                                     
  • Windows 10 Version 21H1 for 32-bit Systems                                                     
  • Windows 10 Version 20H2 for x64-based Systems                                                     
  • Windows 10 Version 20H2 for ARM64-based Systems                                                     
  • Windows 10 Version 20H2 for 32-bit Systems                                                     
  • Windows 10 Version 1809 for x64-based Systems                                                     
  • Windows 10 Version 1809 for ARM64-based Systems                                                     
  • Windows 10 Version 1809 for 32-bit Systems                                                     
  • Windows 10 Version 1607 for x64-based Systems                                                     
  • Windows 10 Version 1607 for 32-bit Systems                                                     
  • Windows 10 for x64-based Systems                                                     
  • Windows 10 for 32-bit Systems                                                     
  • Windows RT 8.1                                                     
  • Windows 8.1 for x64-based systems                                                     
  • Windows 8.1 for 32-bit systems                                                     
  • Windows 7 for x64-based Systems Service Pack 1                                                     
  • Windows 7 for 32-bit Systems Service Pack 1                                                     

Threat details

Introduction

CVE-2022-34718 is a vulnerability that could allow an unauthenticated, remote attacker to execute code with elevated privileges on affected systems without user interaction.

PoC released for CVE-2022-34718

A proof-of-concept (PoC) has been released by a security research firm for this vulnerability. 

Remediation advice

Affected organisations are required to read Microsoft's guidance Windows TCP/IP Remote Code Execution Vulnerability CVE-2022-34718 and apply the relevant updates as soon as practicable.

Last edited: 27 October 2022 11:01 am