Site icon API Security Blog

KB5017328: Windows 11 Security Update (September 2022)

The remote Windows host is missing security update 5017328. It is, therefore, affected by multiple vulnerabilities

– Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)

– Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)

– Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More

Exit mobile version