CVE-2022-30149: 
vulnerability analysis and mitigation

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30149) was identified and disclosed in 2022. The vulnerability affects various Windows operating systems including Windows 10 and Windows Embedded Compact 2013. This vulnerability is part of a series of similar LDAP-related vulnerabilities, being unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30153, and CVE-2022-30161 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 5.1 (MEDIUM) with vector (AV:N/AC:H/Au:N/C:P/I:P/A:P). The vulnerability requires user interaction as part of the attack mechanism (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on affected systems. The vulnerability impacts confidentiality, integrity, and availability of the system, with all three aspects rated as High under CVSS v3.1 scoring (NVD).

Microsoft has released security updates to address this vulnerability. For Windows Embedded Compact 2013, the fix was included in the September 2022 security update (KB5016866). After applying the update, a clean build of the whole platform is required (Microsoft Support).