November 2, 2022
Hitachi, Ltd. IT Platform Products Management Division
Hitachi Disk Array Systems have the following vulnerability.
Hitachi-sec-2022-311
CVE-2022-22035 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-24504 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-30198 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-33634 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-33635 | Windows GDI+ Remote Code Execution Vulnerability
CVE-2022-33645 | Windows TCP/IP Driver Denial of Service Vulnerability
CVE-2022-34689 | Windows CryptoAPI Spoofing Vulnerability
CVE-2022-35770 | Windows NTLM Spoofing Vulnerability
CVE-2022-37965 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVE-2022-37970 | Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-37975 | Windows Group Policy Elevation of Privilege Vulnerability
CVE-2022-37977 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2022-37978 | Windows Active Directory Certificate Services Security Feature Bypass
CVE-2022-37979 | Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-37981 | Windows Event Logging Service Denial of Service Vulnerability
CVE-2022-37982 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-37983 | Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-37984 | Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2022-37985 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-37986 | Windows Win32k Elevation of Privilege Vulnerability
CVE-2022-37987 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2022-37988 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37989 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2022-37990 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37991 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37993 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability
CVE-2022-37994 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability
CVE-2022-37995 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37996 | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2022-37997 | Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-37999 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability
CVE-2022-38000 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-38003 | Windows Resilient File System Elevation of Privilege
CVE-2022-38016 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2022-38021 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2022-38022 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38026 | Windows DHCP Client Information Disclosure Vulnerability
CVE-2022-38027 | Windows Storage Elevation of Privilege Vulnerability
CVE-2022-38028 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-38029 | Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-38030 | Windows USB Serial Driver Information Disclosure Vulnerability
CVE-2022-38031 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-38032 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
CVE-2022-38033 | Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability
CVE-2022-38034 | Windows Workstation Service Elevation of Privilege Vulnerability
CVE-2022-38037 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38038 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38039 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38040 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-38041 | Windows Secure Channel Denial of Service Vulnerability
CVE-2022-38042 | Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2022-38043 | Windows Security Support Provider Interface Information Disclosure Vulnerability
CVE-2022-38044 | Windows CD-ROM File System Driver Remote Code Execution Vulnerability
CVE-2022-38045 | Server Service Remote Protocol Elevation of Privilege Vulnerability
CVE-2022-38046 | Web Account Manager Information Disclosure Vulnerability
CVE-2022-38047 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-38050 | Win32k Elevation of Privilege Vulnerability
CVE-2022-38051 | Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-41033 | Windows COM+ Event System Service Elevation of Privilege Vulnerability
CVE-2022-41081 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
The following table shows the affected products.
| Product Name |
Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H |
|---|---|
| Vulnerability ID |
CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-33635, CVE-2022-33645, CVE-2022-35770, CVE-2022-37965, CVE-2022-37970, CVE-2022-37975, CVE-2022-37977, CVE-2022-37978, CVE-2022-37979, CVE-2022-37981, CVE-2022-37982, CVE-2022-37983, CVE-2022-37984, CVE-2022-37985, CVE-2022-37986, CVE-2022-37987, CVE-2022-37988, CVE-2022-37989, CVE-2022-37990, CVE-2022-37991, CVE-2022-37993, CVE-2022-37994, CVE-2022-37995, CVE-2022-37996, CVE-2022-37997, CVE-2022-37999, CVE-2022-38000, CVE-2022-38003, CVE-2022-38016, CVE-2022-38021, CVE-2022-38022, CVE-2022-38026, CVE-2022-38027, CVE-2022-38028, CVE-2022-38029, CVE-2022-38030, CVE-2022-38031, CVE-2022-38032, CVE-2022-38033, CVE-2022-38034, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039, CVE-2022-38040, CVE-2022-38041, CVE-2022-38042, CVE-2022-38043, CVE-2022-38044, CVE-2022-38045, CVE-2022-38046, CVE-2022-38047, CVE-2022-38050, CVE-2022-38051, CVE-2022-41033, CVE-2022-41081 |
| Product Name |
Hitachi Virtual Storage Platform G1000, G1500 Hitachi Virtual Storage Platform F1500 Hitachi Virtual Storage Platform VX7 |
|---|---|
| Vulnerability ID |
CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-33635, CVE-2022-33645, CVE-2022-35770, CVE-2022-37965, CVE-2022-37975, CVE-2022-37977, CVE-2022-37978, CVE-2022-37981, CVE-2022-37982, CVE-2022-37984, CVE-2022-37985, CVE-2022-37986, CVE-2022-37987, CVE-2022-37988, CVE-2022-37989, CVE-2022-37990, CVE-2022-37991, CVE-2022-37993, CVE-2022-37994, CVE-2022-37996, CVE-2022-37997, CVE-2022-37999, CVE-2022-38000, CVE-2022-38022, CVE-2022-38026, CVE-2022-38027, CVE-2022-38028, CVE-2022-38029, CVE-2022-38031, CVE-2022-38032, CVE-2022-38033, CVE-2022-38034, CVE-2022-38037, CVE-2022-38038, CVE-2022-38040, CVE-2022-38041, CVE-2022-38042, CVE-2022-38043, CVE-2022-38044, CVE-2022-38045, CVE-2022-38047, CVE-2022-38051, CVE-2022-41033, CVE-2022-41081 |
The following products are not affected by the vulnerabilities:
Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.
