First published: Tue Nov 08 2022(Updated: )
Netlogon RPC Elevation of Privilege Vulnerability
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/samba | <4.15.13 | 4.15.13 |
redhat/samba | <4.16.8 | 4.16.8 |
Microsoft Windows Server 2008 R2 | ||
Microsoft Windows Server 2008 R2 | ||
Microsoft Windows Server 2012 R2 | ||
Microsoft Windows Server 2012 R2 | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2022 | ||
Microsoft Windows Server 2022 | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2022 | ||
Red Hat Fedora | =36 | |
Red Hat Fedora | =37 | |
NetApp Management Services for Element Software | ||
NetApp Management Services for NetApp HCI | ||
Samba | <4.15.13 | |
Samba | >=4.16.0<4.16.8 | |
Samba | >=4.17.0<4.17.4 | |
Samba | >4.15.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-38023 is a Netlogon RPC Elevation of Privilege Vulnerability.
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022 are affected by CVE-2022-38023. Samba versions 4.15.13 to 4.16.8 and 4.17.0 to 4.17.4 are also affected.
The severity of CVE-2022-38023 is high, with a CVSS score of 8.1.
You can apply the security patch KB5028240 from Microsoft's official website to fix CVE-2022-38023 on Windows Server 2008 R2.
You can find more information about CVE-2022-38023 on the Microsoft Security Response Center (MSRC) website, as well as on the Red Hat Bugzilla and Red Hat Access websites.