Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2022-305

Vulnerability description

CVE-2022-21972 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-22015 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2022-22016 | Windows Play To Manager Elevation of Privilege Vulnerability
CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-23270 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-24466 | Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability
CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2022-26925 | Windows LSA Spoofing Vulnerability
CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability
CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability
CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-26935 | Windows WLAN Auto Config Service Information Disclosure Vulnerability
CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability
CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability
CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability
CVE-2022-29121 | Windows WLAN Auto Config Service Denial of Service Vulnerability
CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability
CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability
CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability
CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-30130 | .NET Framework Denial of Service Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform E590, E790, E990, E1090, E590H, E790H, E1090H
• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• May 25, 2022: This security information page is published.