Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2022-309

Vulnerability description

CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
CVE-2022-30144 | Windows Bluetooth Service Remote Code Execution Vulnerability
CVE-2022-30194 | Windows Web Browser Control Remote Code Execution Vulnerability
CVE-2022-30197 | Windows Kernel Information Disclosure Vulnerability
CVE-2022-33670 | Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2022-34690 | Windows Fax Service Elevation of Privilege Vulnerability
CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability
CVE-2022-34699 | Windows Win32k Elevation of Privilege Vulnerability
CVE-2022-34701 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-34703 | Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability
CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability
CVE-2022-34706 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability
CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability
CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability
CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35746 | Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-35747 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
CVE-2022-35749 | Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-35750 | Win32k Elevation of Privilege Vulnerability
CVE-2022-35751 | Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-35752 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35753 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35754 | Unified Write Filter Elevation of Privilege Vulnerability
CVE-2022-35755 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-35756 | Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-35757 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2022-35758 | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2022-35759 | Windows Local Security Authority (LSA) Denial of Service Vulnerability
CVE-2022-35760 | Microsoft ATA Port Driver Elevation of Privilege Vulnerability
CVE-2022-35761 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-35762 | Storage Spaces Direct Elevation of Privilege Vulnerability
CVE-2022-35763 | Storage Spaces Direct Elevation of Privilege Vulnerability
CVE-2022-35764 | Storage Spaces Direct Elevation of Privilege Vulnerability
CVE-2022-35765 | Storage Spaces Direct Elevation of Privilege Vulnerability
CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-35769 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability
CVE-2022-35792 | Storage Spaces Direct Elevation of Privilege Vulnerability
CVE-2022-35793 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35795 | Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2022-35797 | Windows Hello Security Feature Bypass Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform E590, E790, E990, E1090, E590H, E790H, E1090H
• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• September 14, 2022: This security information page is published.