Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2022-306

Vulnerability description

CVE-2022-21123 | Shared Buffers Data Read (SBDR)
CVE-2022-21125 | Shared Buffers Data Sampling (SBDS)
CVE-2022-21127 | Special Register Buffer Data Sampling Update (SRBDS Update)
CVE-2022-21166 | Device Register Partial Write (DRPW)
CVE-2022-30132 | Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2022-30135 | Windows Media Center Elevation of Privilege Vulnerability
CVE-2022-30139 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution          Vulnerability
CVE-2022-30140 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability
CVE-2022-30141 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution          Vulnerability
CVE-2022-30142 | Windows File History Remote Code Execution Vulnerability
CVE-2022-30143 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution          Vulnerability
CVE-2022-30145 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
CVE-2022-30146 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution          Vulnerability
CVE-2022-30147 | Windows Installer Elevation of Privilege Vulnerability
CVE-2022-30148 | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability
CVE-2022-30149 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution          Vulnerability
CVE-2022-30150 | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability
CVE-2022-30151 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2022-30152 | Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2022-30153 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution          Vulnerability
CVE-2022-30155 | Windows Kernel Denial of Service Vulnerability
CVE-2022-30160 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
CVE-2022-30161 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution          Vulnerability
CVE-2022-30162 | Windows Kernel Information Disclosure Vulnerability
CVE-2022-30163 | Windows Hyper-V Remote Code Execution Vulnerability
CVE-2022-30164 | Kerberos App Container Security Feature Bypass Vulnerability
CVE-2022-30165 | Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-30166 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2022-32230 | Windows SMB Denial of Service Vulnerability
CVE-2022-30190 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform E590, E790, E990, E1090, E590H, E790H, E1090H
• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• July 1, 2022: This security information page is published.