CVE-2022-29105: 
vulnerability analysis and mitigation

CVE-2022-29105 is a Remote Code Execution vulnerability affecting Microsoft Windows Media Foundation. The vulnerability was discovered and disclosed to Microsoft, with the CVE being created on April 12, 2022, and publicly disclosed on May 10, 2022. This vulnerability affects various versions of Microsoft Windows, including Windows 10 and Windows Server installations (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, and can result in high impacts to confidentiality, integrity, and availability. Under CVSS v2.0, it received a score of 6.8 (MEDIUM) with the vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the affected system through the Windows Media Foundation component. The vulnerability has high potential impact on system confidentiality, integrity, and availability, as indicated by the CVSS scoring (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB patches including KB5013963 for Windows 10 version 1507, KB5013952 for version 1607, KB5013941 for version 1809, KB5013945 for version 1909, and KB5013942 for versions 20H2, 21H1, and 21H2. Additional patches are available for Windows Server installations (Rapid7).