MS.Windows.PPTP.Protocol.CVE-2022-21972.Use.After.Free

description-logoDescription

This indicates an attack attempt to exploit a Use After Free Vulnerability in Microsoft Windows.
The vulnerability is due to improper handling of PPTP packets. A remote attacker could exploit the vulnerability by sending crafted requests. Successful exploitation results in the execution of arbitrary code in the security context of the system.

affected-products-logoAffected Products

Microsoft Windows 10 Version 1909 for 32-bit Systems
Microsoft Windows 10 Version 1909 for ARM64-based Systems
Microsoft Windows 10 Version 1909 for x64-based Systems
Microsoft Windows 10 Version 20H2 for 32-bit Systems
Microsoft Windows 10 Version 20H2 for ARM64-based Systems
Microsoft Windows 10 Version 20H2 for x64-based Systems
Microsoft Windows 10 Version 21H1 for 32-bit Systems
Microsoft Windows 10 Version 21H1 for ARM64-based Systems
Microsoft Windows 10 Version 21H1 for x64-based Systems
Microsoft Windows 11 for ARM64-based Systems
Microsoft Windows 11 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for x64-based Systems SP-1 (Server Core )
Microsoft Windows Server 2012
Microsoft Windows Server 2012 (Server Core installation)
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012 R2 (Server Core installation)
Microsoft Windows Server 2016
Microsoft Windows Server 2016 (Server Core installation)
Microsoft Windows Server 2019
Microsoft Windows Server 2019 (Server Core installation)
Microsoft Windows Server 2022
Microsoft Windows Server 2022 (Server Core installation)
Microsoft Windows Server 2022 Azure Edition Core Hotpatch

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21972

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-07-15 21.357 Default_action:pass:drop
2022-07-06 21.351