What is CVE-2022-35794?

A high-severity remote code execution vulnerability exists in Microsoft Windows Secure Socket Tunneling Protocol (SSTP). Organizations should prioritize remediation to mitigate potential exploits.

What is the severity of CVE-2022-35794?

CVE-2022-35794 has a severity rating of HIGH with a CVSS base score of 8.1.

CVE-2022-35794 | High Vulnerability in Microsoft Windows Secure Socket Tunneling Protocol (SSTP)

CVE-2022-35794 is a high-severity remote code execution vulnerability affecting Microsoft Windows Secure Socket Tunneling Protocol (SSTP). With a CVSS score of 8.1, this vulnerability allows attackers to execute arbitrary code on affected systems. This is a critical issue as it presents significant risks to organizations using vulnerable Windows platforms.

The vulnerability affects multiple versions of Windows, including Windows 10 (various versions), Windows 11, and Windows Server editions. Given the high attack vector score indicating that exploitation can occur via a network, organizations are urged to take immediate action. The complexity of the attack is rated as high, requiring no privileges or user interaction, further amplifying the risk.

Risk to organizations includes potential unauthorized access and control over affected systems, leading to data breaches or service disruptions. Given that no public exploit has been confirmed yet, organizations should remain vigilant and prioritize patching this vulnerability as part of their security measures.

Organizations should prioritize patching immediately. Ensure that systems are updated to mitigate this vulnerability effectively and reduce the risk of exploitation.

Vulnerability Details

This vulnerability allows for remote code execution through the Windows Secure Socket Tunneling Protocol (SSTP). The CVSS score of 8.1 indicates a high severity, primarily due to the potential for significant impacts on confidentiality, integrity, and availability. The vulnerability affects several Windows products, including Windows 10 and Windows Server editions, and was published on August 9, 2022.

Technical Analysis

The root cause of this vulnerability lies in the improper handling of requests sent to the SSTP service. Attackers exploiting this vulnerability can send specially crafted packets over the network, allowing execution of arbitrary code. The attack complexity is rated as high due to the requirement for specific conditions to be met, but the lack of required privileges makes it easier for attackers to exploit. No user interaction is necessary, which increases the risk of successful exploitation.

Risk & Impact Analysis

The risk to organizations includes the possibility of unauthorized access to sensitive data and systems. Given the network attack vector, the potential impact can extend beyond the initial target, affecting interconnected systems. The urgency for remediation is heightened by the lack of known exploits at this time, but the high CVSS score indicates that organizations should prioritize this vulnerability in their patch management processes.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects the following versions of Microsoft products: Windows 10 (all versions prior to vendor patch), Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022.

Mitigation & Remediation

Organizations should apply the latest patches released by Microsoft to remediate this vulnerability. If a patch is not available, implement workarounds such as restricting access to the SSTP service or enhancing network perimeter defenses. For further guidance, organizations may refer to the penetration testing services to identify potential vulnerabilities in their systems.

Detection Guidance

Monitor logs for unusual SSTP service access patterns. Look for failed authentication attempts and excessive connection requests that may indicate an attempted exploit.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2022-35794 lies in its potential to serve as a key entry point for attackers seeking to compromise systems using SSTP. By understanding this vulnerability, security teams can enhance their defenses against similar issues in the future. Regular updates and monitoring of security practices are essential for organizations to maintain a robust security posture.

For more information on vulnerability management, consider reviewing our vulnerability management program best practices.

Additionally, organizations should familiarize themselves with penetration testing methodology to ensure comprehensive coverage in their security assessments.

Finally, awareness of the trends in cybersecurity threats is crucial. Reviewing our analysis on ransomware targeting trends can provide valuable insights for strategic defense.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-35794: High Vulnerability in Microsoft Windows Secure Socket Tunneling Protocol (SSTP)