QID 91943

Date Published: 2022-09-14

QID 91943: Microsoft Windows Remote Procedure Call Runtime Remote Code Execution (RCE) Vulnerability for September 2022

Microsoft Windows Remote Procedure Call runtime is vulnerable to remote code execution vulnerability.

The KB Articles associated with the update:
5017367
5017365
5017370
5017377
5017361
5017373
5017358
5017371
5017305
5017316
5017315

QID Detection Logic (Authenticated):

This QID checks for the file version of ntoskrnl.exe

An unauthenticated attacker on local networks could spoof their IP address as localhost and access functionality in portmap.sys intended to only be reachable from localhost.

  • CVSS V3 rated as Critical - 8.1 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
    • Solution
    Vendor has released patch. Please refer to CVE-2022-35830 for more information.

    Vendor References

    CVEs related to QID 91943

    CVE-2022-35830 |
    Software Advisories
    Advisory ID Software Component Link
    KB5017305 URL Logo support.microsoft.com/help/5017305
    KB5017315 URL Logo support.microsoft.com/help/5017315
    KB5017316 URL Logo support.microsoft.com/help/5017316
    KB5017358 URL Logo support.microsoft.com/help/5017358
    KB5017361 URL Logo support.microsoft.com/help/5017361
    KB5017365 URL Logo support.microsoft.com/help/5017365
    KB5017367 URL Logo support.microsoft.com/help/5017367
    KB5017370 URL Logo support.microsoft.com/help/5017370
    KB5017371 URL Logo support.microsoft.com/help/5017371
    KB5017373 URL Logo support.microsoft.com/help/5017373
    KB5017377 URL Logo support.microsoft.com/help/5017377
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].