Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2022-310

Vulnerability description

CVE-2022-26928 | Windows Photo Import API Elevation of Privilege Vulnerability
CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability
CVE-2022-30170 | Windows Credential Roaming Service Elevation of Privilege Vulnerability
CVE-2022-30196 | Windows Secure Channel Denial of Service Vulnerability
CVE-2022-30200 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution          Vulnerability
CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability
CVE-2022-34719 | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability
CVE-2022-34720 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution          Vulnerability
CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution          Vulnerability
CVE-2022-34725 | Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-34726 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-34727 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-34728 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-34729 | Windows GDI Elevation of Privilege Vulnerability
CVE-2022-34730 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-34731 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-34732 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-34733 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-34734 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-35803 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-35831 | Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2022-35832 | Windows Event Tracing Denial of Service Vulnerability
CVE-2022-35833 | Windows Secure Channel Denial of Service Vulnerability
CVE-2022-35834 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-35835 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-35836 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-35837 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-35840 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-35841 | Windows Enterprise App Management Service Remote Code Execution Vulnerability
CVE-2022-37954 | DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2022-37955 | Windows Group Policy Elevation of Privilege Vulnerability
CVE-2022-37956 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37957 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37958 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure          Vulnerability
CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-38004 | Windows Fax Service Remote Code Execution Vulnerability
CVE-2022-38005 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-38006 | Windows Graphics Component Information Disclosure Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform E590, E790, E990, E1090, E590H, E790H, E1090H
• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• October 5, 2022: This security information page is published.