Описание
Windows Server Service Tampering Vulnerability
FAQ
How could an attacker exploit this vulnerability?
For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 10 Version 20H2 for 32-bit Systems | ||
| Windows 10 Version 20H2 for ARM64-based Systems | ||
| Windows Server, version 20H2 (Server Core Installation) | ||
| Windows 10 Version 21H1 for x64-based Systems | ||
| Windows 10 Version 21H1 for ARM64-based Systems | ||
| Windows 10 Version 21H1 for 32-bit Systems | ||
| Windows Server 2022 | ||
| Windows Server 2022 (Server Core installation) | ||
| Windows 11 version 21H2 for x64-based Systems | ||
| Windows 11 version 21H2 for ARM64-based Systems |
Показывать по
10
Возможность эксплуатации
Publicly Disclosed
No
Exploited
No
Latest Software Release
Exploitation More Likely
Older Software Release
Exploitation More Likely
DOS
N/A
EPSS
Процентиль: 98%
0.46573
Средний
8.8 High
CVSS3
Связанные уязвимости
CVSS3: 8.8
github
почти 3 года назад
Windows Server Service Tampering Vulnerability.
CVSS3: 8.8
fstec
почти 3 года назад
Уязвимость операционной системы Windows, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю скомпрометировать целевую систему
EPSS
Процентиль: 98%
0.46573
Средний
8.8 High
CVSS3