CVE-2022-35752

Q: What is the severity of CVE-2022-35752?

CVE-2022-35752 has a CVSS score of 8.1 (HIGH). This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a flaw in the Secure Socket Tunneling Protocol (SSTP) service. Attackers could gain SYSTEM-level privileges on affected systems. All Windows systems with SSTP enabled are potentially vulnerable.

8.1 HIGH

Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a flaw in the Secure Socket Tunneling Protocol (SSTP) service. Attackers could gain SYSTEM-level privileges on affected systems. All Windows systems with SSTP enabled are potentially vulnerable.

💻 Affected Systems

Products:

Windows Server
Windows Client

Versions: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows 11, Windows 10

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Systems with SSTP VPN functionality enabled are vulnerable. SSTP is commonly used for remote access VPNs.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM privileges, enabling attackers to install malware, steal data, pivot to other systems, or create persistent backdoors.

🟠

Likely Case

Remote code execution leading to ransomware deployment, data exfiltration, or lateral movement within the network.

🟢

If Mitigated

Limited impact due to network segmentation, proper patching, and disabled SSTP service on non-essential systems.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Microsoft has not disclosed technical details, but the CVSS score suggests significant attack potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2022 security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35752

Restart Required: Yes

Instructions:

1. Apply August 2022 Windows security updates via Windows Update. 2. For enterprise environments, deploy patches through WSUS or SCCM. 3. Verify patch installation and restart systems as required.

🔧 Temporary Workarounds

Disable SSTP Service

windows

Disables the SSTP service to prevent exploitation if SSTP VPN is not required.

sc config SstpSvc start= disabled
sc stop SstpSvc

Block SSTP Port

all

Blocks TCP port 443 for SSTP traffic at network perimeter if SSTP is not needed.

🧯 If You Can't Patch

Disable SSTP service on all affected systems immediately.
Implement network segmentation to isolate systems with SSTP enabled from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check if August 2022 security updates are installed via 'systeminfo' command or Windows Update history.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify KB5012170 (or later August 2022 updates) is installed and SSTP service is either patched or disabled.

📡 Detection & Monitoring

Log Indicators:

Event ID 4625 failed logons to SSTP service
Unexpected process creation from svchost.exe related to SSTP
Windows Security logs showing exploitation attempts

Network Indicators:

Unusual SSTP traffic patterns
Connection attempts to SSTP service from unexpected sources

SIEM Query:

source="Windows Security" AND (event_id=4625 OR event_id=4688) AND process_name="SstpSvc"

📊 Metadata

CVE ID: CVE-2022-35752

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: May 31, 2023

Last Updated: November 21, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35752 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35752 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 20h2 by Microsoft

Windows 10 20h2 by Microsoft

Windows 10 20h2 by Microsoft

Windows 10 21h1 by Microsoft

Windows 10 21h1 by Microsoft

Windows 10 21h1 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 7 by Microsoft

Windows 8.1 by Microsoft

Windows Rt 8.1 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 20h2 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable SSTP Service

Block SSTP Port

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export