Skip to main content

CVE-2022-35769: Denial of Service in Microsoft Windows 10 Version 1809

High
VulnerabilityCVE-2022-35769cvecve-2022-35769
Published: Tue Aug 09 2022 (08/09/2022, 19:58:02 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

AI-Powered Analysis

AILast updated: 07/07/2025, 22:25:39 UTC

Technical Analysis

CVE-2022-35769 is a high-severity Denial of Service (DoS) vulnerability affecting Microsoft Windows 10 Version 1809, specifically version 10.0.17763.0. The vulnerability resides in the Windows Point-to-Point Protocol (PPP) implementation, which is used for establishing direct connections between two network nodes. The flaw is categorized under CWE-400, indicating it relates to uncontrolled resource consumption. An attacker can exploit this vulnerability remotely without any authentication or user interaction by sending specially crafted PPP packets to a vulnerable system. Successful exploitation results in a denial of service condition, causing the affected system to become unresponsive or crash, thereby impacting availability. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is limited to availability with no confidentiality or integrity loss. There are no known exploits in the wild as of the published date, and no official patches or mitigations have been linked in the provided information. This vulnerability is particularly relevant for environments still running Windows 10 Version 1809, which is an older release and may be present in legacy systems or specialized industrial setups. The lack of required privileges and user interaction means that exploitation can be automated and performed remotely, increasing the risk of widespread disruption if targeted by attackers.

Potential Impact

For European organizations, the primary impact of CVE-2022-35769 is the potential disruption of critical systems relying on Windows 10 Version 1809, especially those using PPP for network connectivity. This could affect remote access services, VPN connections, or legacy communication infrastructure in sectors such as manufacturing, utilities, transportation, and government agencies. A successful DoS attack could lead to downtime, loss of productivity, and interruption of essential services. In critical infrastructure or industrial control environments, this could have cascading effects on operational continuity and safety. Although confidentiality and integrity are not directly impacted, the availability loss can indirectly affect business operations and service delivery. Organizations with strict uptime requirements or those subject to regulatory compliance around service availability (e.g., financial institutions, healthcare providers) may face operational and reputational damage. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

Mitigation Recommendations

Given the lack of an official patch linked in the provided data, European organizations should prioritize the following mitigations: 1) Upgrade or migrate systems from Windows 10 Version 1809 to a supported and patched Windows version to eliminate exposure to this vulnerability. 2) Restrict or monitor PPP traffic at network boundaries using firewalls or intrusion prevention systems to detect and block malformed or suspicious PPP packets. 3) Implement network segmentation to isolate legacy systems running vulnerable versions, limiting exposure to untrusted networks. 4) Employ robust network monitoring and anomaly detection to identify unusual traffic patterns indicative of exploitation attempts. 5) Develop and test incident response plans specifically addressing DoS scenarios to minimize downtime impact. 6) Engage with Microsoft support channels to obtain any out-of-band patches or workarounds if available. 7) Educate IT and security teams about the vulnerability and ensure asset inventories accurately identify affected systems for targeted remediation.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2022-07-13T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6838b59f182aa0cae28b0cfd

Added to database: 5/29/2025, 7:29:35 PM

Last enriched: 7/7/2025, 10:25:39 PM

Last updated: 8/9/2025, 12:46:07 AM

Views: 9

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats