CVE-2022-35794: 
vulnerability analysis and mitigation

The Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability (CVE-2022-35794) was identified and disclosed in August 2022. This vulnerability affects various versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions. The vulnerability is part of a series of related SSTP vulnerabilities discovered during the same period (NIST NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH), with a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability is network-accessible, requires no privileges or user interaction, but has high attack complexity. The potential impact includes high levels of compromise to confidentiality, integrity, and availability of the affected systems (NIST NVD).

The vulnerability poses significant risks as it potentially allows remote code execution through the Windows Secure Socket Tunneling Protocol. Given the CVSS scoring, successful exploitation could lead to complete system compromise, affecting the confidentiality, integrity, and availability of the target system (NIST NVD).

Microsoft has released security updates to address this vulnerability. The affected systems include various versions of Windows 10 (20H2, 21H1, 21H2, 1809), Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 (NIST NVD).