April 2023 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2023-Apr 2023-Apr Final 1.0 90 2026-03-31T14:39:50 April 2023 Security Updates 2023-04-11T07:00:00 2026-03-31T14:39:50 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of security updates for the following products, features and roles.</p> <ul> <li>.NET Core</li> <li>Azure Machine Learning</li> <li>Azure Service Connector</li> <li>Microsoft Bluetooth Driver</li> <li>Microsoft Defender for Endpoint</li> <li>Microsoft Dynamics</li> <li>Microsoft Dynamics 365 Customer Voice</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Graphics Component</li> <li>Microsoft Message Queuing</li> <li>Microsoft Office</li> <li>Microsoft Office Publisher</li> <li>Microsoft Office SharePoint</li> <li>Microsoft Office Word</li> <li>Microsoft PostScript Printer Driver</li> <li>Microsoft Printer Drivers</li> <li>Microsoft WDAC OLE DB provider for SQL</li> <li>Microsoft Windows DNS</li> <li>Visual Studio</li> <li>Visual Studio Code</li> <li>Windows Active Directory</li> <li>Windows ALPC</li> <li>Windows Ancillary Function Driver for WinSock</li> <li>Windows Boot Manager</li> <li>Windows Clip Service</li> <li>Windows CNG Key Isolation Service</li> <li>Windows Common Log File System Driver</li> <li>Windows DHCP Server</li> <li>Windows Enroll Engine</li> <li>Windows Error Reporting</li> <li>Windows Group Policy</li> <li>Windows Internet Key Exchange (IKE) Protocol</li> <li>Windows Kerberos</li> <li>Windows Kernel</li> <li>Windows Layer 2 Tunneling Protocol</li> <li>Windows Lock Screen</li> <li>Windows Netlogon</li> <li>Windows Network Address Translation (NAT)</li> <li>Windows Network File System</li> <li>Windows Network Load Balancing</li> <li>Windows NTLM</li> <li>Windows PGM</li> <li>Windows Point-to-Point Protocol over Ethernet (PPPoE)</li> <li>Windows Point-to-Point Tunneling Protocol</li> <li>Windows Raw Image Extension</li> <li>Windows RDP Client</li> <li>Windows Registry</li> <li>Windows RPC API</li> <li>Windows Secure Boot</li> <li>Windows Secure Channel</li> <li>Windows Secure Socket Tunneling Protocol (SSTP)</li> <li>Windows Transport Security Layer (TLS)</li> <li>Windows Win32K</li> </ul> <p>Please note the following information regarding the security updates:</p> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-information">Relevant Information</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2> <p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21554">CVE-2023-21554</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21727">CVE-2023-21727</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21729">CVE-2023-21729</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23375">CVE-2023-23375</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23384">CVE-2023-23384</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24860">CVE-2023-24860</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24883">CVE-2023-24883</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24884">CVE-2023-24884</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24885">CVE-2023-24885</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24886">CVE-2023-24886</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24887">CVE-2023-24887</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24893">CVE-2023-24893</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24912">CVE-2023-24912</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24914">CVE-2023-24914</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24924">CVE-2023-24924</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24925">CVE-2023-24925</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24926">CVE-2023-24926</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24927">CVE-2023-24927</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24928">CVE-2023-24928</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24929">CVE-2023-24929</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-24935">CVE-2023-24935</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28216">CVE-2023-28216</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28218">CVE-2023-28218</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28219">CVE-2023-28219</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28220">CVE-2023-28220</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28221">CVE-2023-28221</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28222">CVE-2023-28222</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28223">CVE-2023-28223</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28224">CVE-2023-28224</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28225">CVE-2023-28225</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28226">CVE-2023-28226</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28227">CVE-2023-28227</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28228">CVE-2023-28228</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28229">CVE-2023-28229</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28231">CVE-2023-28231</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28232">CVE-2023-28232</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28233">CVE-2023-28233</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28234">CVE-2023-28234</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28235">CVE-2023-28235</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28236">CVE-2023-28236</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28237">CVE-2023-28237</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28238">CVE-2023-28238</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28240">CVE-2023-28240</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28243">CVE-2023-28243</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28244">CVE-2023-28244</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28246">CVE-2023-28246</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28247">CVE-2023-28247</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28248">CVE-2023-28248</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28249">CVE-2023-28249</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28250">CVE-2023-28250</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28251">CVE-2023-28251</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28252">CVE-2023-28252</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28253">CVE-2023-28253</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28254">CVE-2023-28254</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28255">CVE-2023-28255</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28256">CVE-2023-28256</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28260">CVE-2023-28260</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28262">CVE-2023-28262</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28263">CVE-2023-28263</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28266">CVE-2023-28266</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28267">CVE-2023-28267</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28268">CVE-2023-28268</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28269">CVE-2023-28269</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28270">CVE-2023-28270</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28271">CVE-2023-28271</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28272">CVE-2023-28272</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28273">CVE-2023-28273</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28274">CVE-2023-28274</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28275">CVE-2023-28275</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28276">CVE-2023-28276</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28277">CVE-2023-28277</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28278">CVE-2023-28278</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28284">CVE-2023-28284</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28285">CVE-2023-28285</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28287">CVE-2023-28287</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28288">CVE-2023-28288</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28291">CVE-2023-28291</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28292">CVE-2023-28292</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28295">CVE-2023-28295</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28296">CVE-2023-28296</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28297">CVE-2023-28297</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28300">CVE-2023-28300</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28301">CVE-2023-28301</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28304">CVE-2023-28304</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28305">CVE-2023-28305</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28306">CVE-2023-28306</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28307">CVE-2023-28307</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28308">CVE-2023-28308</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28309">CVE-2023-28309</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28311">CVE-2023-28311</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28312">CVE-2023-28312</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28313">CVE-2023-28313</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-28314">CVE-2023-28314</a></li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5002375">5002375</a></td> <td>SharePoint Server Subscription Edition</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5025221">5025221</a></td> <td>Windows 10, version 20H2, Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5025224">5025224</a></td> <td>Windows 11 version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5025229">5025229</a></td> <td>Windows 10, Version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5025230">5025230</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5025239">5025239</a></td> <td>Windows 11 version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5025271">5025271</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5025273">5025273</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5025277">5025277</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5025279">5025279</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Raw Image Extension on Windows 10 Version 20H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 20H2 for ARM64-based Systems Raw Image Extension on Windows 11 version 21H2 for x64-based Systems Raw Image Extension on Windows 11 version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for x64-based Systems Raw Image Extension on Windows 11 Version 22H2 for ARM64-based Systems Raw Image Extension on Windows 11 Version 22H2 for x64-based Systems Raw Image Extension on Windows 10 for 32-bit Systems Raw Image Extension on Windows 10 for x64-based Systems Remote Desktop client for Windows Desktop Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE) Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2019 for x64-based Systems (CU 18) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft OLE DB Driver 18 for SQL Server Microsoft OLE DB Driver 19 for SQL Server Microsoft ODBC Driver 17 for SQL Server Microsoft ODBC Driver 18 for SQL Server Microsoft Edge (Chromium-based) Microsoft Edge for Android Microsoft Malware Protection Engine Microsoft Malware Protection Platform Microsoft Office 2019 for Mac Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Publisher 2016 (32-bit edition) Microsoft Publisher 2016 (64-bit edition) Microsoft Publisher 2013 Service Pack 1 (32-bit editions) Microsoft Publisher 2013 Service Pack 1 (64-bit editions) Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Publisher 2013 Service Pack 1 RT Microsoft Office 2019 for 32-bit editions Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Foundation 2013 Service Pack 1 Azure Service Connector Azure Machine Learning Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft Dynamics 365 (on-premises) version 9.1 Send Customer Voice survey from Dynamics 365 Visual Studio Code .NET 6.0 .NET 7.0 Microsoft Visual Studio 2022 version 17.5 Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2022 version 17.0 PowerShell 7.3 PowerShell 7.2 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM Azure Linux 3.0 x64 Azure Linux 3.0 ARM Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Publisher 2013 Service Pack 1 (32-bit editions) Microsoft Publisher 2013 Service Pack 1 (64-bit editions) Microsoft SharePoint Foundation 2013 Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Publisher 2016 (32-bit edition) Microsoft Publisher 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE) Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Visual Studio Code Microsoft Edge (Chromium-based) Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) Microsoft Publisher 2013 Service Pack 1 RT Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Raw Image Extension on Windows 10 for 32-bit Systems Raw Image Extension on Windows 10 for x64-based Systems Raw Image Extension on Windows 10 Version 20H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 20H2 for ARM64-based Systems Raw Image Extension on Windows 11 version 21H2 for x64-based Systems Raw Image Extension on Windows 11 version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for x64-based Systems Raw Image Extension on Windows 11 Version 22H2 for ARM64-based Systems Raw Image Extension on Windows 11 Version 22H2 for x64-based Systems Microsoft Edge for Android Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) Remote Desktop client for Windows Desktop Microsoft Malware Protection Engine Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Visual Studio 2022 version 17.0 PowerShell 7.2 .NET 6.0 Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft Visual Studio 2022 version 17.2 Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft Visual Studio 2022 version 17.4 .NET 7.0 PowerShell 7.3 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2019 for x64-based Systems (CU 18) Microsoft SQL Server 2022 for x64-based Systems (GDR) Azure Machine Learning Microsoft Visual Studio 2022 version 17.5 Send Customer Voice survey from Dynamics 365 Azure Service Connector Microsoft ODBC Driver 18 for SQL Server Microsoft ODBC Driver 17 for SQL Server Microsoft OLE DB Driver 19 for SQL Server Microsoft OLE DB Driver 18 for SQL Server Microsoft Malware Protection Platform Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Azure Linux 3.0 x64 Azure Linux 3.0 ARM Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows Server 2025 (Server Core installation) azl3 samba 4.18.3-1 on Azure Linux 3.0 cbl2 libxml2 2.10.4-1 on CBL Mariner 2.0 cbl2 libdwarf 0.9.0 on CBL Mariner 2.0 azl3 libdwarf 0.9.0-1 on Azure Linux 3.0 azl3 hyperv-daemons 6.6.35.1-1 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.158.2-1 on CBL Mariner 2.0 cbl2 golang 1.21.6-1 on CBL Mariner 2.0 azl3 golang 1.23.7-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 rpm-ostree 2024.4-1 on Azure Linux 3.0 cbl2 kernel 5.15.126.1-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.118.1-1 on CBL Mariner 2.0 cm1 libtiff 4.5.1-1 on CBL Mariner 1.0 cbl2 libtiff 4.5.1-1 on CBL Mariner 2.0 cm1 perl 5.30.3-3 on CBL Mariner 1.0 cbl2 perl 5.34.1-489 on CBL Mariner 2.0 cm1 kernel 5.10.181.1-1 on CBL Mariner 1.0 cm1 vim 9.0.1562-1 on CBL Mariner 1.0 cbl2 vim 9.0.1562-1 on CBL Mariner 2.0 cm1 hyperv-daemons 5.10.179.1-1 on CBL Mariner 1.0 cbl2 hyperv-daemons 5.15.111.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.111.1-1 on CBL Mariner 2.0 cm1 kernel 5.10.179.1-1 on CBL Mariner 1.0 cm1 hyperv-daemons 5.10.189.1-1 on CBL Mariner 1.0 cm1 cloud-init 21.4-3 on CBL Mariner 1.0 cbl2 cloud-init 22.4-3 on CBL Mariner 2.0 cm1 hyperv-daemons 5.10.177.1-1 on CBL Mariner 1.0 cm1 redis 6.2.12-1 on CBL Mariner 1.0 cbl2 redis 6.2.12-1 on CBL Mariner 2.0 cm1 ncurses 6.4-1 on CBL Mariner 1.0 cbl2 ncurses 6.4-1 on CBL Mariner 2.0 cm1 kernel 5.10.177.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.107.1-2 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.107.1-1 on CBL Mariner 2.0 cm1 freetype 2.13.0-1 on CBL Mariner 1.0 cbl2 freetype 2.13.0-1 on CBL Mariner 2.0 cm1 qt5-qtbase 5.12.11-4 on CBL Mariner 1.0 cbl2 qt5-qtbase 5.15.9-1 on CBL Mariner 2.0 cbl2 mysql 8.0.33-1 on CBL Mariner 2.0 cbl2 rpm-ostree 2022.1-7 on CBL Mariner 2.0 cbl2 msft-golang 1.20.11-1 on CBL Mariner 2.0 cbl2 golang 1.20.7-1 on CBL Mariner 2.0 cbl2 msft-golang 1.20.7-1 on CBL Mariner 2.0 azl3 golang 1.20.7-1 on Azure Linux 3.0 cbl2 golang 1.19.8-1 on CBL Mariner 2.0 azl3 golang 1.19.8-1 on Azure Linux 3.0 cbl2 python3 3.9.19-9 on CBL Mariner 2.0 azl3 python3 3.12.0-1 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 mod_auth_openidc 2.4.14.2-1 on CBL Mariner 2.0 cbl2 kata-containers 3.2.0.azl0-1 on CBL Mariner 2.0 azl3 rust h2-0.3.26 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl0-2 on Azure Linux 3.0 cbl2 vitess 16.0.2-1 on CBL Mariner 2.0 cbl2 strongswan 5.9.10-1 on CBL Mariner 2.0 cbl2 cloud-hypervisor 31.1-1 on CBL Mariner 2.0 cbl2 shadow-utils 4.9-13 on CBL Mariner 2.0 cbl2 nodejs18 18.20.2-2 on CBL Mariner 2.0 cbl2 screen 4.9.1-1 on CBL Mariner 2.0 cbl2 libyang 2.1.55-1 on CBL Mariner 2.0 cbl2 dmidecode 3.5-1 on CBL Mariner 2.0 cbl2 openvswitch 2.17.5-2 on CBL Mariner 2.0 azl3 openvswitch 2.17.5-3 on Azure Linux 3.0 cm1 cloud-init 21.4-4 on CBL Mariner 1.0 cm1 protobuf-c 1.3.2-2 on CBL Mariner 1.0 cbl2 protobuf-c 1.4.1-1 on CBL Mariner 2.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 cm1 fluent-bit 1.5.2-3 on CBL Mariner 1.0 cbl2 nginx 1.22.1-11 on CBL Mariner 2.0 azl3 rpm-ostree 2022.1-7 on Azure Linux 3.0 cbl2 nginx 1.22.1-5 on CBL Mariner 2.0 cbl2 etcd 3.5.4-6 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 azl3 kata-containers 3.1.3-2 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 golang 1.23.8-1 on Azure Linux 3.0 cbl2 golang 1.17.13-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 azl3 hyperv-daemons 6.6.47.1-1 on Azure Linux 3.0 cbl2 libdwarf 0.9.0-3 on CBL Mariner 2.0 cbl2 perl 5.34.1-490 on CBL Mariner 2.0 azl3 python3 3.12.9-4 on Azure Linux 3.0 azl3 python3 3.12.9-5 on Azure Linux 3.0 azl3 python3 3.12.9-6 on Azure Linux 3.0 azl3 python3 3.12.9-7 on Azure Linux 3.0 azl3 python3 3.12.9-8 on Azure Linux 3.0 azl3 python3 3.12.9-9 on Azure Linux 3.0 azl3 python3 3.12.9-10 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Spectre V1 Gadget in do_prlimit in the Linux Kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-0458 NULL Pointer Dereference 17893-16820 17889-16823 17893-16820 17889-16823 Moderate 17893-16820 Moderate 17889-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 17893-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 17889-16823 CBL-Mariner Releases 17893-16820 No Security Update 5.10.179.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17893-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-05-10T00:00:00 <p>Information published.</p> The fix in 4.6.16 4.7.9 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0614 Cleartext Storage of Sensitive Information 16864-17084 16864-17084 Moderate 16864-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> Input buffer over-read in AES-XTS implementation on 64 bit ARM <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-1255 Out-of-bounds Read 1.0 2023-04-24T00:00:00 <p>Information published.</p> A data race flaw was found in the Linux kernel between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1382 NULL Pointer Dereference 17863-16820 17889-16823 17863-16820 17889-16823 Moderate 17863-16820 Moderate 17889-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17863-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17889-16823 CBL-Mariner Releases 17863-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17863-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-28T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> sensitive data exposure in cloud-init logs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2023-1786 Insertion of Sensitive Information into Log File 17895-16820 17896-16823 17895-16820 17896-16823 Moderate 17895-16820 Moderate 17896-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17895-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17896-16823 CBL-Mariner Releases 17895-16820 No Security Update 21.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17895-16820 CBL-Mariner Releases CBL-Mariner Releases 17896-16823 No Security Update 22.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17896-16823 CBL-Mariner Releases 1.0 2023-05-01T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system and could even lead to a kernel information leak problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1838 Use After Free 17902-16820 17903-16823 17902-16820 17903-16823 Important 17902-16820 Important 17903-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17902-16820 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-04-13T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> 1.2 2023-05-03T00:00:00 <p>Information published.</p> A flaw was found in tiffcrop a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1916 Out-of-bounds Read 17836-16820 17837-16823 17836-16820 17837-16823 Moderate 17836-16820 Moderate 17837-16823 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 17836-16820 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 17837-16823 CBL-Mariner Releases 17836-16820 17837-16823 No Security Update 4.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17836-16820 17837-16823 CBL-Mariner Releases 1.0 2023-04-17T00:00:00 <p>Information published.</p> 1.1 2023-04-19T00:00:00 <p>Added libtiff to CBL-Mariner 2.0</p> 1.2 2023-07-29T00:00:00 <p>Information published.</p> The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2007 Improper Locking 17832-16823 17832-16823 Important 17832-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17832-16823 CBL-Mariner Releases 17832-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 CBL-Mariner Releases 1.0 2023-05-05T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel's netdevsim device driver within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2019 Improper Update of Reference Count 17889-16823 17889-16823 Moderate 17889-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17889-16823 CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-05-05T00:00:00 <p>Information published.</p> In inflate of inflate.c there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner google_android Yes CVE-2023-21100 Out-of-bounds Write 18381-16823 18381-16823 Important 18381-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18381-16823 CBL-Mariner Releases 18381-16823 No Security Update 18.20.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18381-16823 CBL-Mariner Releases 1.0 2023-04-24T00:00:00 <p>Information published.</p> A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2166 NULL Pointer Dereference 17863-16820 17889-16823 17863-16820 17889-16823 Moderate 17863-16820 Moderate 17889-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17863-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17889-16823 CBL-Mariner Releases 17863-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17863-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-30T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2194 Out-of-bounds Write 17863-16820 17889-16823 17863-16820 17889-16823 Moderate 17863-16820 Moderate 17889-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17863-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17889-16823 CBL-Mariner Releases 17863-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17863-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-28T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-21972 17954-16823 17954-16823 Moderate 17954-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17954-16823 CBL-Mariner Releases 17954-16823 No Security Update 8.0.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17954-16823 CBL-Mariner Releases 1.0 2023-04-20T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-21982 17954-16823 17954-16823 Moderate 17954-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17954-16823 CBL-Mariner Releases 17954-16823 No Security Update 8.0.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17954-16823 CBL-Mariner Releases 1.0 2023-04-20T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS EAP-TTLS EAP-PEAP or EAP-TNC). This is fixed in 5.9.10. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26463 NULL Pointer Dereference 18378-16823 18378-16823 Critical 18378-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18378-16823 CBL-Mariner Releases 18378-16823 No Security Update 5.9.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18378-16823 CBL-Mariner Releases 1.0 2023-04-26T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Denial of Service (DoS). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26964 Allocation of Resources Without Limits or Throttling 18815-17084 19686-17084 18368-16823 18011-16823 18369-17084 17811-17084 18370-17084 19706-17084 18469-17084 18815-17084 19686-17084 18368-16823 18011-16823 18369-17084 17811-17084 18370-17084 19706-17084 18469-17084 Important 18815-17084 Important 19686-17084 Important 18368-16823 Important 18011-16823 Important 18369-17084 Important 17811-17084 Important 18370-17084 Important 19706-17084 Important 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18815-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18368-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18011-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18369-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17811-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18370-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19706-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18469-17084 CBL-Mariner Releases 18815-17084 17811-17084 No Security Update 2024.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18815-17084 17811-17084 CBL-Mariner Releases CBL-Mariner Releases 19686-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19686-17084 CBL-Mariner Releases CBL-Mariner Releases 18368-16823 No Security Update 3.2.0.azl0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18368-16823 CBL-Mariner Releases CBL-Mariner Releases 18011-16823 No Security Update 2022.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18011-16823 CBL-Mariner Releases CBL-Mariner Releases 18369-17084 No Security Update h2-0.3.26 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18369-17084 CBL-Mariner Releases CBL-Mariner Releases 18370-17084 19706-17084 No Security Update 3.2.0.azl0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18370-17084 19706-17084 CBL-Mariner Releases 2.6 2026-02-19T01:05:56 <p>Information published.</p> 1.0 2023-05-17T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-08-26T00:00:00 <p>Information published.</p> 1.3 2024-08-27T00:00:00 <p>Information published.</p> 1.4 2024-08-28T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-28328 NULL Pointer Dereference 17863-16820 17889-16823 17863-16820 17889-16823 Moderate 17863-16820 Moderate 17889-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17863-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17889-16823 CBL-Mariner Releases 17863-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17863-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-30T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> In libxml2 before 2.10.4 parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-28484 NULL Pointer Dereference 16873-16823 16873-16823 Moderate 16873-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16873-16823 CBL-Mariner Releases 16873-16823 No Security Update 2.10.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16873-16823 CBL-Mariner Releases 1.0 2023-04-25T00:00:00 <p>Information published.</p> 1.1 2023-08-03T00:00:00 <p>Information published.</p> `HINCRBYFLOAT` can be used to crash a redis-server process <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-28856 Reachable Assertion 17898-16820 17899-16823 17898-16820 17899-16823 Moderate 17898-16820 Moderate 17899-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17898-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17899-16823 CBL-Mariner Releases 17898-16820 17899-16823 No Security Update 6.2.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17898-16820 17899-16823 CBL-Mariner Releases 1.0 2023-04-25T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> In Shadow 4.13 it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g. adding a new user fails because \n is in the block list) it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words an adversary may be able to convince a system administrator to take the system offline (an indirect social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-29383 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 18380-16823 18380-16823 Low 18380-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 18380-16823 CBL-Mariner Releases 18380-16823 No Security Update 4.9-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18380-16823 CBL-Mariner Releases 1.0 2023-04-24T00:00:00 <p>Information published.</p> ncurses before 6.4 20230408 when used by a setuid application allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-29491 Out-of-bounds Write 17900-16820 17901-16823 17900-16820 17901-16823 Important 17900-16820 Important 17901-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17900-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17901-16823 CBL-Mariner Releases 17900-16820 17901-16823 No Security Update 6.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17900-16820 17901-16823 CBL-Mariner Releases 1.0 2023-04-24T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-30612 Use After Free 18379-16823 18379-16823 Moderate 18379-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18379-16823 CBL-Mariner Releases 18379-16823 No Security Update 31.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18379-16823 CBL-Mariner Releases 1.0 2023-04-25T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-30772 Use After Free 17893-16820 17897-16820 17889-16823 17893-16820 17897-16820 17889-16823 Moderate 17893-16820 Moderate 17897-16820 Moderate 17889-16823 6.4 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17893-16820 6.4 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17897-16820 6.4 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17889-16823 CBL-Mariner Releases 17893-16820 No Security Update 5.10.179.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17893-16820 CBL-Mariner Releases CBL-Mariner Releases 17897-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17897-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-25T00:00:00 <p>Information published.</p> 1.1 2023-04-27T00:00:00 <p>Added kernel to CBL-Mariner 1.0 Added kernel to CBL-Mariner 2.0</p> 1.2 2023-05-03T00:00:00 <p>Information published.</p> An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event wait_event_interruptible is called; the condition is dvb_frontend_test_event(feprivevents). In dvb_frontend_test_event down(&fepriv->sem) is called. However wait_event_interruptible would put the process to sleep and down(&fepriv->sem) may block the process. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-31084 17328-16823 16989-17084 19791-17084 17328-16823 16989-17084 19791-17084 Moderate 17328-16823 Moderate 16989-17084 Moderate 19791-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17328-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16989-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19791-17084 CBL-Mariner Releases 17328-16823 No Security Update 5.15.158.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17328-16823 CBL-Mariner Releases CBL-Mariner Releases 16989-17084 19791-17084 No Security Update 6.6.35.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16989-17084 19791-17084 CBL-Mariner Releases 1.2 2024-10-05T00:00:00 <p>Information published.</p> 1.5 2024-10-08T00:00:00 <p>Information published.</p> 2.0 2024-12-03T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0 Added hyperv-daemons to Azure Linux 3.0</p> 2.1 2026-02-19T01:04:05 <p>Information published.</p> 1.0 2023-09-01T00:00:00 <p>Information published.</p> 1.1 2024-08-15T00:00:00 <p>Information published.</p> 1.3 2024-10-06T00:00:00 <p>Information published.</p> 1.4 2024-10-07T00:00:00 <p>Information published.</p> 1.6 2024-10-09T00:00:00 <p>Information published.</p> 1.7 2024-10-10T00:00:00 <p>Information published.</p> 1.8 2024-10-11T00:00:00 <p>Information published.</p> 1.9 2024-10-12T00:00:00 <p>Information published.</p> Backticks not treated as string delimiters in html/template <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-24538 Improper Control of Generation of Code (&#39;Code Injection&#39;) 18315-17084 19679-17084 19778-17086 19668-17086 19693-17084 17485-17084 19697-17084 17375-16823 18136-16823 18151-16823 18152-17084 19785-17086 19712-17086 17667-17084 18315-17084 19679-17084 19778-17086 19668-17086 19693-17084 17485-17084 19697-17084 17375-16823 18136-16823 18151-16823 18152-17084 19785-17086 19712-17086 17667-17084 Critical 18315-17084 Critical 19679-17084 Critical 19778-17086 Critical 19668-17086 Critical 19693-17084 Critical 17485-17084 Critical 19697-17084 Critical 17375-16823 Critical 18136-16823 Critical 18151-16823 Critical 18152-17084 Critical 19785-17086 Critical 19712-17086 Critical 17667-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18315-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19679-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19778-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19668-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17485-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19697-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17375-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18136-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18151-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18152-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19785-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19712-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17667-17084 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18136-16823 No Security Update 1.20.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18136-16823 CBL-Mariner Releases CBL-Mariner Releases 18151-16823 18152-17084 No Security Update 1.19.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18151-16823 18152-17084 CBL-Mariner Releases 1.0 2025-09-03T23:00:31 <p>Information published.</p> 1.1 2026-02-18T02:26:26 <p>Information published.</p> sensitive data exposure in cloud-init logs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-2084 Insertion of Sensitive Information into Log File 18424-16820 18424-16820 Moderate 18424-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18424-16820 CBL-Mariner Releases 18424-16820 No Security Update 21.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18424-16820 CBL-Mariner Releases 1.0 2023-05-02T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-28235 Improper Authentication 19460-16823 19460-16823 Critical 19460-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19460-16823 CBL-Mariner Releases 19460-16823 No Security Update 3.5.4-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19460-16823 CBL-Mariner Releases 1.0 2023-04-18T00:00:00 <p>Information published.</p> An issue was discovered in Treasure Data Fluent Bit 1.7.1 erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software triggering use-after-free and execute arbitrary code on the target system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-46878 Access of Resource Using Incompatible Type ('Type Confusion') 18492-16820 18492-16820 Important 18492-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18492-16820 CBL-Mariner Releases 18492-16820 No Security Update 1.5.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18492-16820 CBL-Mariner Releases 1.0 2023-04-18T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> An issue was discovered in Treasure Data Fluent Bit 1.7.1 a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software triggering a heap overflow and execute arbitrary code on the target system. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-46879 Out-of-bounds Write 18492-16820 18492-16820 Important 18492-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18492-16820 CBL-Mariner Releases 18492-16820 No Security Update 1.5.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18492-16820 CBL-Mariner Releases 1.0 2023-04-18T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-19692 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 18574-16823 18574-16823 Critical 18574-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18574-16823 CBL-Mariner Releases 18574-16823 No Security Update 1.22.1-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18574-16823 CBL-Mariner Releases 1.0 2023-04-11T00:00:00 <p>Information published.</p> Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-19695 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 19190-16823 19190-16823 Critical 19190-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19190-16823 CBL-Mariner Releases 19190-16823 No Security Update 1.22.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19190-16823 CBL-Mariner Releases 1.0 2023-04-10T00:00:00 <p>Information published.</p> libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-27545 Release of Invalid Pointer or Reference 19917-17086 16879-16823 16880-17084 19917-17086 16879-16823 16880-17084 Moderate 19917-17086 Moderate 16879-16823 Moderate 16880-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19917-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16879-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16880-17084 CBL-Mariner Releases 16879-16823 No Security Update 0.9.0 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16879-16823 CBL-Mariner Releases CBL-Mariner Releases 16880-17084 No Security Update 0.9.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16880-17084 CBL-Mariner Releases 1.0 2025-09-03T20:20:53 <p>Information published.</p> 1.1 2026-02-18T02:28:19 <p>Information published.</p> libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-28163 NULL Pointer Dereference 19917-17086 16879-16823 16880-17084 19917-17086 16879-16823 16880-17084 Moderate 19917-17086 Moderate 16879-16823 Moderate 16880-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19917-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16879-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16880-17084 CBL-Mariner Releases 16879-16823 No Security Update 0.9.0 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16879-16823 CBL-Mariner Releases CBL-Mariner Releases 16880-17084 No Security Update 0.9.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16880-17084 CBL-Mariner Releases 1.1 2026-02-18T02:29:02 <p>Information published.</p> 1.0 2025-09-03T20:22:17 <p>Information published.</p> CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-31484 Improper Certificate Validation 19954-17086 17843-16823 19954-17086 17843-16823 Important 19954-17086 Important 17843-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19954-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17843-16823 CBL-Mariner Releases 19954-17086 17843-16823 No Security Update 5.34.1-489 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19954-17086 17843-16823 CBL-Mariner Releases 1.0 2025-09-03T22:23:25 <p>Information published.</p> 1.1 2026-02-18T02:17:32 <p>Information published.</p> A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0225 Incorrect Permission Assignment for Critical Resource 16864-17084 16864-17084 Moderate 16864-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> The Samba AD DC administration tool when operating against a remote LDAP server will by default send new or reset passwords over a signed-only connection. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0922 Cleartext Transmission of Sensitive Information 16864-17084 16864-17084 Moderate 16864-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 16864-17084 CBL-Mariner Releases 16864-17084 No Security Update 4.18.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16864-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0 OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow but with an incorrect action possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1668 Always-Incorrect Control Flow Implementation 18385-16823 18386-17084 18385-16823 18386-17084 Important 18385-16823 Important 18386-17084 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 18385-16823 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 18386-17084 CBL-Mariner Releases 18385-16823 No Security Update 2.17.5-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18385-16823 CBL-Mariner Releases CBL-Mariner Releases 18386-17084 No Security Update 2.17.5-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18386-17084 CBL-Mariner Releases 1.0 2023-04-11T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Use-after-free in tcindex (traffic control index filter) in the Linux Kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-1829 Use After Free 17902-16820 17903-16823 17902-16820 17903-16823 Important 17902-16820 Important 17903-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17902-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-04-20T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1855 Use After Free 17897-16820 17902-16820 17904-16823 17903-16823 17897-16820 17902-16820 17904-16823 17903-16823 Moderate 17897-16820 Moderate 17902-16820 Moderate 17904-16823 Moderate 17903-16823 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 17897-16820 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 17902-16820 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 17904-16823 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 17903-16823 CBL-Mariner Releases 17897-16820 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17897-16820 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17904-16823 No Security Update 5.15.107.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17904-16823 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-04-13T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> 1.2 2023-04-18T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 1.0 Added hyperv-daemons to CBL-Mariner 2.0</p> 1.3 2023-05-03T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's io_uring subsystem <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-1872 Use After Free 17902-16820 17889-16823 17902-16820 17889-16823 Important 17902-16820 Important 17889-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17902-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17889-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-20T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw a call to btsdio_remove with an unfinished job may cause a race problem leading to a UAF on hdev devices. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1989 Use After Free 17902-16820 17835-16823 17903-16823 17902-16820 17835-16823 17903-16823 Important 17902-16820 Important 17835-16823 Important 17903-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17902-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17835-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17835-16823 No Security Update 5.15.118.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17835-16823 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-04-20T00:00:00 <p>Information published.</p> 1.1 2023-06-05T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> 1.2 2023-05-03T00:00:00 <p>Information published.</p> A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1990 Use After Free 17897-16820 17902-16820 17903-16823 17897-16820 17902-16820 17903-16823 Moderate 17897-16820 Moderate 17902-16820 Moderate 17903-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17897-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17902-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17903-16823 CBL-Mariner Releases 17897-16820 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17897-16820 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-04-20T00:00:00 <p>Information published.</p> 1.1 2023-04-24T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 1.0</p> 1.2 2023-05-03T00:00:00 <p>Information published.</p> Spectre v2 SMT mitigations problem in Linux kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-1998 Observable Discrepancy 17893-16820 17894-16820 17889-16823 17835-16823 17893-16820 17894-16820 17889-16823 17835-16823 Moderate 17893-16820 Moderate 17894-16820 Moderate 17889-16823 Moderate 17835-16823 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 17893-16820 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 17894-16820 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 17889-16823 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 17835-16823 CBL-Mariner Releases 17893-16820 No Security Update 5.10.179.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17893-16820 CBL-Mariner Releases CBL-Mariner Releases 17894-16820 No Security Update 5.10.189.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17894-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases CBL-Mariner Releases 17835-16823 No Security Update 5.15.118.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17835-16823 CBL-Mariner Releases 1.0 2023-05-04T00:00:00 <p>Information published.</p> 1.1 2023-05-05T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> 1.2 2023-04-24T00:00:00 <p>Information published.</p> 1.3 2023-04-25T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 1.0</p> Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2004 18469-17084 17905-16820 17906-16823 18469-17084 17905-16820 17906-16823 18469-17084 Important 17905-16820 Important 17906-16823 CBL-Mariner Releases 17905-16820 17906-16823 No Security Update 2.13.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17905-16820 17906-16823 CBL-Mariner Releases 1.0 2023-04-17T00:00:00 <p>Information published.</p> 1.1 2023-04-18T00:00:00 <p>Added freetype to CBL-Mariner 2.0</p> 1.2 2023-05-25T00:00:00 <p>Information published.</p> A race condition was found in the Linux kernel's RxRPC network protocol within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2006 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17863-16820 17889-16823 17863-16820 17889-16823 Important 17863-16820 Important 17889-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17863-16820 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17889-16823 CBL-Mariner Releases 17863-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17863-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-05-05T00:00:00 <p>Information published.</p> A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2008 Improper Validation of Array Index 17863-16820 17889-16823 17863-16820 17889-16823 Important 17863-16820 Important 17889-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17863-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17889-16823 CBL-Mariner Releases 17863-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17863-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-25T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2162 Use After Free 17863-16820 17889-16823 17863-16820 17889-16823 Moderate 17863-16820 Moderate 17889-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17863-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17889-16823 CBL-Mariner Releases 17863-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17863-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-30T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2177 NULL Pointer Dereference 17863-16820 17889-16823 17863-16820 17889-16823 Moderate 17863-16820 Moderate 17889-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17863-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17889-16823 CBL-Mariner Releases 17863-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17863-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-28T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-21976 17954-16823 17954-16823 Moderate 17954-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17954-16823 CBL-Mariner Releases 17954-16823 No Security Update 8.0.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17954-16823 CBL-Mariner Releases 1.0 2023-04-20T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-21977 17954-16823 17954-16823 Moderate 17954-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17954-16823 CBL-Mariner Releases 17954-16823 No Security Update 8.0.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17954-16823 CBL-Mariner Releases 1.0 2023-04-20T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-21980 Improper Access Control 17954-16823 17954-16823 Important 17954-16823 7.1 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 17954-16823 CBL-Mariner Releases 17954-16823 No Security Update 8.0.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17954-16823 CBL-Mariner Releases 1.0 2023-04-22T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> Use of Out-of-range Pointer Offset in vim/vim <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntr_ai Yes CVE-2023-2426 17882-16820 17883-16823 17882-16820 17883-16823 Moderate 17882-16820 Moderate 17883-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17882-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17883-16823 CBL-Mariner Releases 17882-16820 17883-16823 No Security Update 9.0.1562-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17882-16820 17883-16823 CBL-Mariner Releases 1.0 2023-05-08T00:00:00 <p>Information published.</p> 1.1 2023-05-09T00:00:00 <p>Added vim to CBL-Mariner 1.0</p> Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13 6.x before 6.2.8 and 6.3.x before 6.4.3. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-24607 17907-16820 17908-16823 17907-16820 17908-16823 Important 17907-16820 Important 17908-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17907-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17908-16823 CBL-Mariner Releases 17907-16820 No Security Update 5.12.11-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17907-16820 CBL-Mariner Releases CBL-Mariner Releases 17908-16823 No Security Update 5.15.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17908-16823 CBL-Mariner Releases 1.0 2023-04-15T00:00:00 <p>Information published.</p> 1.1 2023-05-05T00:00:00 <p>Information published.</p> socket.c in GNU Screen through 4.9.0 when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD) allows local users to send a privileged SIGHUP signal to any PID causing a denial of service or disruption of the target process. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-24626 Incorrect Permission Assignment for Critical Resource 18382-16823 18382-16823 Moderate 18382-16823 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 18382-16823 CBL-Mariner Releases 18382-16823 No Security Update 4.9.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18382-16823 CBL-Mariner Releases 1.0 2023-04-21T00:00:00 <p>Information published.</p> libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26916 NULL Pointer Dereference 18383-16823 18383-16823 Moderate 18383-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18383-16823 CBL-Mariner Releases 18383-16823 No Security Update 2.1.55-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18383-16823 CBL-Mariner Releases 1.0 2023-04-09T00:00:00 <p>Information published.</p> 1.1 2023-09-27T00:00:00 <p>Information published.</p> libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26917 NULL Pointer Dereference 18383-16823 18383-16823 Important 18383-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18383-16823 CBL-Mariner Releases 18383-16823 No Security Update 2.1.55-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18383-16823 CBL-Mariner Releases 1.0 2023-04-19T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-28327 NULL Pointer Dereference 17889-16823 17889-16823 Moderate 17889-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17889-16823 CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-04-30T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-28625 NULL Pointer Dereference 18363-16823 18363-16823 Important 18363-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18363-16823 CBL-Mariner Releases 18363-16823 No Security Update 2.4.14.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18363-16823 CBL-Mariner Releases 1.0 2023-05-26T00:00:00 <p>Information published.</p> vitess allows users to create keyspaces that can deny access to already existing keyspaces <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-29194 Improper Input Validation 18372-16823 18372-16823 Low 18372-16823 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 18372-16823 CBL-Mariner Releases 18372-16823 No Security Update 16.0.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18372-16823 CBL-Mariner Releases 1.0 2023-04-25T00:00:00 <p>Information published.</p> 1.1 2023-06-03T00:00:00 <p>Information published.</p> An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document xmlDictComputeFastKey in dict.c can produce non-deterministic values leading to various logic and memory errors such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string and any value is possible (not solely the '\0' value). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-29469 Double Free 16873-16823 16873-16823 Moderate 16873-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 16873-16823 CBL-Mariner Releases 16873-16823 No Security Update 2.10.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16873-16823 CBL-Mariner Releases 1.0 2023-04-25T00:00:00 <p>Information published.</p> 1.1 2023-08-03T00:00:00 <p>Information published.</p> An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-30456 17902-16820 17903-16823 17902-16820 17903-16823 Moderate 17902-16820 Moderate 17903-16823 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 17902-16820 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 17903-16823 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases 1.0 2023-04-15T00:00:00 <p>Information published.</p> 1.1 2023-05-03T00:00:00 <p>Information published.</p> Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because for example execution of Dmidecode via Sudo is plausible. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-30630 Relative Path Traversal 18384-16823 18384-16823 Important 18384-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18384-16823 CBL-Mariner Releases 18384-16823 No Security Update 3.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18384-16823 CBL-Mariner Releases 1.0 2023-04-18T00:00:00 <p>Information published.</p> 1.1 2023-09-29T00:00:00 <p>Information published.</p> qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-31436 Out-of-bounds Write 17885-16820 17863-16820 17888-16823 17889-16823 17885-16820 17863-16820 17888-16823 17889-16823 Important 17885-16820 Important 17863-16820 Important 17888-16823 Important 17889-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17885-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17863-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17888-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17889-16823 CBL-Mariner Releases 17885-16820 No Security Update 5.10.179.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17885-16820 CBL-Mariner Releases CBL-Mariner Releases 17863-16820 No Security Update 5.10.181.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17863-16820 CBL-Mariner Releases CBL-Mariner Releases 17888-16823 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17888-16823 17889-16823 CBL-Mariner Releases 1.0 2023-05-06T00:00:00 <p>Information published.</p> 1.1 2023-05-15T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 1.0 Added hyperv-daemons to CBL-Mariner 2.0</p> HTTP::Tiny before 0.083 a Perl core module since 5.13.9 and available standalone on CPAN has an insecure default TLS configuration where users must opt in to verify certificates. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-31486 Improper Certificate Validation 19954-17086 17842-16820 17843-16823 19954-17086 17842-16820 17843-16823 Important 19954-17086 Important 17842-16820 Important 17843-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19954-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17842-16820 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17843-16823 CBL-Mariner Releases 19954-17086 17843-16823 No Security Update 5.34.1-489 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19954-17086 17843-16823 CBL-Mariner Releases CBL-Mariner Releases 17842-16820 No Security Update 5.30.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17842-16820 CBL-Mariner Releases 1.0 2023-06-23T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> 1.2 2026-02-18T02:18:31 <p>Information published.</p> Excessive memory allocation in net/http and net/textproto <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-24534 Uncontrolled Resource Consumption 18315-17084 17667-17084 17375-16823 18140-16823 18138-16823 18141-17084 19679-17084 19778-17086 19785-17086 19712-17086 19668-17086 19693-17084 19762-17084 19697-17084 18315-17084 17667-17084 17375-16823 18140-16823 18138-16823 18141-17084 19679-17084 19778-17086 19785-17086 19712-17086 19668-17086 19693-17084 19762-17084 19697-17084 Important 18315-17084 Important 17667-17084 Important 17375-16823 Important 18140-16823 Important 18138-16823 Important 18141-17084 Important 19679-17084 Important 19778-17086 Important 19785-17086 Important 19712-17086 Important 19668-17086 Important 19693-17084 Important 19762-17084 Important 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17375-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18140-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18138-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18141-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19762-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18140-16823 18138-16823 18141-17084 No Security Update 1.20.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18140-16823 18138-16823 18141-17084 CBL-Mariner Releases CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases 1.1 2026-02-18T02:21:02 <p>Information published.</p> 1.0 2025-09-03T22:40:02 <p>Information published.</p> Excessive resource consumption in net/http, net/textproto and mime/multipart <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-24536 Allocation of Resources Without Limits or Throttling 18315-17084 19778-17086 19785-17086 19712-17086 19693-17084 17375-16823 18140-16823 19668-17086 17667-17084 19697-17084 18315-17084 19778-17086 19785-17086 19712-17086 19693-17084 17375-16823 18140-16823 19668-17086 17667-17084 19697-17084 Important 18315-17084 Important 19778-17086 Important 19785-17086 Important 19712-17086 Important 19693-17084 Important 17375-16823 Important 18140-16823 Important 19668-17086 Important 17667-17084 Important 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17375-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18140-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18140-16823 No Security Update 1.20.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18140-16823 CBL-Mariner Releases 1.1 2026-02-18T02:36:33 <p>Information published.</p> 1.0 2025-09-03T23:51:46 <p>Information published.</p> Infinite loop in parsing in go/scanner <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-24537 Integer Overflow or Wraparound 18315-17084 19679-17084 19785-17086 19778-17086 17667-17084 19693-17084 19697-17084 17375-16823 18136-16823 18138-16823 18141-17084 19668-17086 19712-17086 17485-17084 18315-17084 19679-17084 19785-17086 19778-17086 17667-17084 19693-17084 19697-17084 17375-16823 18136-16823 18138-16823 18141-17084 19668-17086 19712-17086 17485-17084 Important 18315-17084 Important 19679-17084 Important 19785-17086 Important 19778-17086 Important 17667-17084 Important 19693-17084 Important 19697-17084 Important 17375-16823 Important 18136-16823 Important 18138-16823 Important 18141-17084 Important 19668-17086 Important 19712-17086 Important 17485-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17375-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18136-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18138-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18141-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17485-17084 CBL-Mariner Releases 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 19778-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18136-16823 No Security Update 1.20.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18136-16823 CBL-Mariner Releases CBL-Mariner Releases 18138-16823 18141-17084 No Security Update 1.20.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18138-16823 18141-17084 CBL-Mariner Releases 1.1 2026-02-18T02:59:03 <p>Information published.</p> 1.0 2025-09-04T02:29:22 <p>Information published.</p> protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48468 Integer Overflow or Wraparound 18425-16820 18426-16823 18425-16820 18426-16823 Moderate 18425-16820 Moderate 18426-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18425-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18426-16823 CBL-Mariner Releases 18425-16820 No Security Update 1.3.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18425-16820 CBL-Mariner Releases CBL-Mariner Releases 18426-16823 No Security Update 1.4.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18426-16823 CBL-Mariner Releases 1.0 2023-04-19T00:00:00 <p>Information published.</p> 1.1 2023-04-17T00:00:00 <p>Information published.</p> 1.2 2023-05-03T00:00:00 <p>Information published.</p> The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-27043 Improper Input Validation 19968-17084 17667-17084 20557-17084 20708-17084 20962-17084 21100-17084 18296-16823 18297-17084 20790-17084 20917-17084 19968-17084 17667-17084 20557-17084 20708-17084 20962-17084 21100-17084 18296-16823 18297-17084 20790-17084 20917-17084 Moderate 19968-17084 Moderate 17667-17084 Moderate 20557-17084 Moderate 20708-17084 Moderate 20962-17084 Moderate 21100-17084 Moderate 18296-16823 Moderate 18297-17084 Moderate 20790-17084 Moderate 20917-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19968-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17667-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 20557-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 20708-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 20962-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 21100-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 18296-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 18297-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 20790-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 20917-17084 CBL-Mariner Releases 19968-17084 20557-17084 20708-17084 20962-17084 21100-17084 18297-17084 20790-17084 20917-17084 No Security Update 3.12.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19968-17084 20557-17084 20708-17084 20962-17084 21100-17084 18297-17084 20790-17084 20917-17084 CBL-Mariner Releases CBL-Mariner Releases 18296-16823 No Security Update 3.9.19-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18296-16823 CBL-Mariner Releases 3.0 2025-12-07T01:35:56 <p>Information published.</p> 4.1 2026-02-18T01:35:42 <p>Information published.</p> 6.0 2026-03-04T14:35:50 <p>Information published.</p> 1.0 2025-02-01T00:00:00 <p>Information published.</p> 2.0 2025-02-14T00:00:00 <p>Information published.</p> 4.0 2026-01-08T14:35:46 <p>Information published.</p> 5.0 2026-02-20T23:00:09 <p>Information published.</p> 7.0 2026-03-31T14:39:50 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-24914 Use After Free 12085 12086 Elevation of Privilege 12085 Elevation of Privilege 12086 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 Microsoft Input and Composition Servicing team 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft SQL Server Remote Code Execution Vulnerability <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5021522</td> <td>Security update for SQL Server 2022 RTM+GDR (Feb 2023)</td> <td>16.0.1000.6</td> <td>N/A</td> </tr> <tr> <td>5021124</td> <td>Security update for SQL Server 2019 CU18+GDR (Feb 2023)</td> <td>15.0.4003.23 - 15.0.4261.1</td> <td>KB 5017593 – SQL2019 RTM CU18</td> </tr> <tr> <td>5021125</td> <td>Security update for SQL Server 2019 RTM+GDR (Feb 2023)</td> <td>15.0.2000.5 - 15.0.2095.3</td> <td>KB 5014356 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5021126</td> <td>Security update for SQL Server 2017 CU31+GDR (Feb 2023)</td> <td>14.0.3006.16 - 14.0.3456.2</td> <td>KB 5016884 – SQL2017 RTM CU31</td> </tr> <tr> <td>5021127</td> <td>Security update for SQL Server 2017 RTM+GDR (Feb 2023)</td> <td>14.0.1000.169 - 14.0.2042.3</td> <td>KB 5014354 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5021128</td> <td>Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023)</td> <td>13.0.7000.253 - 13.0.7016.1</td> <td>KB 5015371 - Previous Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5021129</td> <td>Security update for SQL Server 2016 SP3+GDR (Feb 2023)</td> <td>13.0.6300.2 - 13.0.6419.1</td> <td>KB 5014355 - Previous SQL2016 SP3 GDR</td> </tr> <tr> <td>5021045</td> <td>Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023)</td> <td>12.0.6205.1 - 12.0.6439.10</td> <td>KB 5014164 – SQL2014 SP3 CU4</td> </tr> <tr> <td>5021037</td> <td>Security update for SQL Server 2014 SP3+GDR (Feb 2023)</td> <td>12.0.6024.0 - 12.0.6169.19</td> <td>KB 5014165 - Previous SQL2014 SP3 GDR</td> </tr> <tr> <td>5021123</td> <td>Security update for SQL Server 2012 SP4+GDR (Feb2023)</td> <td>11.0.7001.0 - 11.0.7507.2</td> <td>KB 4583465 - Previous SQL2012 SP4 GDR</td> </tr> <tr> <td>5021112</td> <td>Security update for SQL Server SQL2008R2 SP3+GDR (Feb2023)</td> <td>10.50.6000.34 - 10.50.6560.0</td> <td>KB 4057113 - Previous SQL2008R2 SP3 GDR</td> </tr> <tr> <td>5020863</td> <td>Security update for SQL Server 2008 SP4+GDR (Feb2023)</td> <td>10.00.6000.29 - 10.00.6556.0</td> <td>KB 4057114 - Previous SQL2008 SP4 GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>How could an attacker successfully exploit this vulnerability?</strong></p> <p>An Out Of Bounds Write Vulnerability exists in the SQLcmd tool that could be leveraged by an unauthenticated attacker to achieve remote code execution. However, since only outdated versions of the library are vulnerable, and the attacker cannot consistently trigger the bytes of memory to be overwritten, this results in a low confidentiality, integrity and availability rating.</p> SQL Server Microsoft Yes CVE-2023-23384 Heap-based Buffer Overflow 11474 11476 11477 11478 11486 11487 11488 11667 11671 11672 11821 11825 12048 12053 12145 12146 12147 Remote Code Execution 11474 Remote Code Execution 11476 Remote Code Execution 11477 Remote Code Execution 11478 Remote Code Execution 11486 Remote Code Execution 11487 Remote Code Execution 11488 Remote Code Execution 11667 Remote Code Execution 11671 Remote Code Execution 11672 Remote Code Execution 11821 Remote Code Execution 11825 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12146 Remote Code Execution 12147 Important 11474 Important 11476 Important 11477 Important 11478 Important 11486 Important 11487 Important 11488 Important 11667 Important 11671 Important 11672 Important 11821 Important 11825 Important 12048 Important 12053 Important 12145 Important 12146 Important 12147 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11474 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11476 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11477 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11478 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11486 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11487 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11488 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11667 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11671 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11672 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11821 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11825 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12048 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12053 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12145 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12146 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 12147 5020863 4057114 11474 11488 Maybe Security Update 10.0.6814.4 5021123 4583465 11476 11477 Maybe Security Update 11.0.7512.11 5021127 https://www.microsoft.com/download/details.aspx?familyid=5521de5b-6966-4a1e-808d-93dd89c2240d 5014354 11478 Maybe Security Update 14.0.2047.8 5021112 4057113 11486 11487 Maybe Security Update 10.50.6785.2 5021037 https://www.microsoft.com/download/details.aspx?familyid=ae1e0ab6-c49c-4ef2-a142-5cb531ef9235 5014165 11667 11671 Maybe Security Update 12.0.6444.4 5021045 https://www.microsoft.com/download/details.aspx?familyid=d7dcf8ea-7219-48a1-941a-23460d9510df 5014164 11672 11825 Maybe Security Update 12.0.6174.8 5021125 https://www.microsoft.com/download/details.aspx?familyid=9bedde5f-de1f-466b-bb67-d2a2d0dfc279 5014356 11821 Maybe Security Update 15.0.2101.7 5021129 https://www.microsoft.com/download/details.aspx?familyid=64412f99-8d5c-47bd-b89a-445b3fd5ce38 5014355 12048 Maybe Security Update 13.0.6430.49 5021128 https://www.microsoft.com/download/details.aspx?familyid=2b43cc11-e9d6-45ed-974b-ff7efb63699c 5015371 12053 Maybe Security Update 13.0.7024.30 5021126 https://www.microsoft.com/download/details.aspx?familyid=d2c2ddec-ab33-4dc5-b2ef-5a9f49d203c6 5014553 12145 Maybe Security Update 14.0.3460.9 5021124 https://www.microsoft.com/download/details.aspx?familyid=32db4259-905f-4462-a2de-b0a0c4b5162b 5014353 12146 Maybe Security Update 15.0.4280.7 5021522 https://www.microsoft.com/download/details.aspx?familyid=2f9ea572-d508-46b7-864f-882932c1ad37 12147 Maybe Security Update 16.0.1050.5 FooBar 1.0 2023-04-11T07:00:00 <p>Information published. This CVE was addressed by updates that were released in February 2023, but the CVE was inadvertently omitted from the February 2023 Security Updates. This is an informational change only. Customers who have already installed the February 2023 updates do not need to take any further action.</p> Chromium: CVE-2023-2033 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2023-2033 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.48</td> <td>4/15/2023</td> <td>112.0.5615.121</td> </tr> <tr> <td>109.01518.100</td> <td>4/24/2023</td> <td>109.0.5414.141</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2033 11655 11655 Critical 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.1722.48 1.0 2023-04-15T07:00:00 <p>Information published.</p> 1.1 2023-04-25T07:00:00 <p>Updated CVE to indicate that the update to address this vulnerability has been addressed in the 109 version of Edge.</p> Chromium: CVE-2023-2136 Integer overflow in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2023-2136 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.54</td> <td>4/20/2023</td> <td>112.0.5615.137</td> </tr> <tr> <td>109.01518.100</td> <td>4/24/2023</td> <td>109.0.5414.141</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2136 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.1722.54 1.0 2023-04-19T18:29:07 <p>Information published.</p> 1.1 2023-04-25T07:00:00 <p>Updated CVE to indicate that the update to address this vulnerability has been addressed in the 109 version of Edge.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing Microsoft Yes CVE-2023-21769 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Haifei Li with <a href="https://research.checkpoint.com">Check Point Research</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p> Windows RPC API Microsoft Yes CVE-2023-21729 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11570 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11801 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11802 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11926 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11927 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an authenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.</p> Windows RPC API Microsoft Yes CVE-2023-21727 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> 1.1 2023-04-12T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Microsoft ODBC and OLE DB Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server from <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718</a>. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft ODBC Driver 17 or 18 for SQL Server or Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this security bulletin, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft ODBC Driver 17 or 18 for SQL Server or Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this security bulletin, which provide protection against this vulnerability.</p> SQL Server Microsoft Yes CVE-2023-23375 Improper Input Validation 12181 12180 12179 12178 Remote Code Execution 12181 Remote Code Execution 12180 Remote Code Execution 12179 Remote Code Execution 12178 Important 12181 Important 12180 Important 12179 Important 12178 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12181 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12180 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12179 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12178 Release Notes https://learn.microsoft.com/en-us/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server?view=sql-server-ver16#previous-releases 12181 Maybe Security Update 18.6.5 Release Notes https://learn.microsoft.com/en-us/sql/connect/oledb/download-oledb-driver-for-sql-server?view=sql-server-ver16 12180 Maybe Security Update 19.3.0 Release Notes https://learn.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16#version-17 12179 Maybe Security Update 17.10.3.1 Release Notes https://learn.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16#download-for-windows 12178 Maybe Security Update 18.2.1.1 <a href="https://twitter.com/sagitz_">Sagi Tzadik</a> with <a href="https://wiz.io/">Wiz</a> 1.1 2023-05-16T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.2 2023-10-11T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2023-24912 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/lxi4oyu">xi4oyu</a> and <a href="https://twitter.com/jq0904">Quan Jin</a> 1.0 2023-04-11T07:00:00 <p>Information published. This CVE was addressed by updates that were released in January 2023, but the CVE was inadvertently omitted from the January 2023 Security Updates. This is an informational change only. Customers who have already installed the January 2023 updates do not need to take any further action.</p> Microsoft Defender Denial of Service Vulnerability <table> <thead> <tr> <th>References</th> <th>Identification</th> </tr> </thead> <tbody> <tr> <td>Last version of the Microsoft Malware Protection Engine affected by this vulnerability</td> <td>1.1.20100.6</td> </tr> <tr> <td>First version of the Microsoft Malware Protection Engine with this vulnerability addressed</td> <td>Version 1.1.20200.4</td> </tr> </tbody> </table> <p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p> <p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p> <p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p> <p><strong>Why is no action required to install this update?</strong></p> <p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p> <p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p> <p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.</p> <p><strong>How often are the Microsoft Malware Protection Engine and malware definitions updated?</strong></p> <p>Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p> <p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p> <p><strong>What is the Microsoft Malware Protection Engine?</strong></p> <p>The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.</p> <p><strong>Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default?</strong></p> <p>Defender runs on all supported version of Windows.</p> <p><strong>Are there other products that use the Microsoft Malware Protection Engine?</strong></p> <p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p> <p><strong>Does this update contain any additional security-related changes to functionality?</strong></p> <p>Yes.  In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p> <h2 id="suggested-actions">Suggested Actions</h2> <p><strong>Verify that the update is installed</strong></p> <p>Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p> <ol> <li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li> <li>In the navigation pane, select Virus &amp; threat protection.</li> <li>Under Virus &amp; threat protection updates in the main window, select Check for updates</li> <li>Select Check for updates again.</li> <li>In the navigation pane, select Settings, and then select About.</li> <li>Examine the Engine Version number. The update was successfully installed if the Malware Protection Engine version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li> </ol> Microsoft Defender for Endpoint Microsoft Yes CVE-2023-24860 11902 Denial of Service 11902 Important 11902 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11902 Release Notes 11902 No Security Update 1.1.20200.4 Tomer Bar with SafeBreach Shmuel Cohen with SafeBreach 1.0 2023-04-11T07:00:00 <p>Information published.</p> 1.1 2023-04-12T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel Microsoft Yes CVE-2023-24931 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows ALPC Microsoft Yes CVE-2023-28216 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Microsoft Offensive Research &amp; Security Engineering 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Microsoft Yes CVE-2023-28217 Uncontrolled Resource Consumption 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</p> <p>This vulnerability is limited to attacker traffic inside the NAT firewall. An enterprise perimeter firewall can be used to mitigate this attack. A NAT firewall works by only allowing requested internet traffic to pass through the gateway. Internet routed network traffic cannot attack the Windows Network Address Translation Service for this vulnerability.</p> Microsoft WSD EPIN CoreNET 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2023-28218 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Junoh Lee with <a href="https://theori.io/">Theori</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Error Reporting Service Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to locate a machine with rare, seldom used, non-default telemetry settings and wait for a bug check to be initiated on the target machine.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Error Reporting Microsoft Yes CVE-2023-28221 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 Naceri with MSRC Vulnerabilities & Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p> Windows Kernel Microsoft Yes CVE-2023-28222 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11570 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11801 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11802 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9312 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10287 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9318 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 9344 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> with Infigo IS Abdelhamid Naceri 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24926 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24885 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24927 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24886 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24928 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24929 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24887 Integer Underflow (Wrap or Wraparound) 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> Microsoft Office Microsoft Yes CVE-2023-28285 Use After Free 11575 11762 11763 11951 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Important 11575 Important 11762 Important 11763 Important 11951 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.72.23040900 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases Michael DePlante (@izobashi) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> HAO LI of VenusTech ADLab Kai Lu with Zscaler&#39;s ThreatLabz 1.0 2023-04-11T07:00:00 <p>Information published.</p> 1.1 2023-04-11T07:00:00 <p>Updated CVE title. This is an informational change only.</p> Microsoft Publisher Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> Microsoft Office Publisher Microsoft Yes CVE-2023-28287 Use After Free 10749 10750 10609 10610 11952 11953 11763 11574 11742 11762 11573 Remote Code Execution 10749 Remote Code Execution 10750 Remote Code Execution 10609 Remote Code Execution 10610 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11763 Remote Code Execution 11574 Remote Code Execution 11742 Remote Code Execution 11762 Remote Code Execution 11573 Important 10749 Important 10750 Important 10609 Important 10610 Important 11952 Important 11953 Important 11763 Important 11574 Important 11742 Important 11762 Important 11573 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10749 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10750 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10609 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10610 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11742 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 5002221 https://www.microsoft.com/download/details.aspx?familyid=41d1ecd5-c65f-43cb-89bd-39e8d9691723 4493152 10749 Maybe Security Update 16.0.5391.1000 5002221 https://www.microsoft.com/download/details.aspx?familyid=4d29f474-bcbb-4f37-8c4a-b308256fc6ce 4493152 10750 Maybe Security Update 16.0.5391.1000 5002213 https://www.microsoft.com/download/details.aspx?familyid=626c4460-f756-43f2-9613-dbe63c956a35 4484347 10609 Maybe Security Update 15.0.5545.1000 5002213 https://www.microsoft.com/download/details.aspx?familyid=7a14746f-4f06-4c6b-990c-cabc36ddeaf1 4484347 10610 Maybe Security Update 15.0.5545.1000 Click to Run 11952 11953 11763 11574 11762 11573 No Security Update https://aka.ms/OfficeSecurityReleases 5002213 4484347 11742 Maybe Security Update 15.0.5545.1000 Microsoft Word Team 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p><strong>I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?</strong></p> <p>No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.</p> <p>Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability will allow an attacker to read local files with the XSL extension.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability?</strong></p> <p>The attacker's operation is performed with an impersonation as <a href="https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/www-authentication-authorization/understanding-identities#iusr---anonymous-authentication">IUSR</a></p> Microsoft Office SharePoint Microsoft Yes CVE-2023-28288 Server-Side Request Forgery (SSRF) 10950 11099 11585 11961 10612 Spoofing 10950 Spoofing 11099 Spoofing 11585 Spoofing 11961 Spoofing 10612 Important 10950 Important 11099 Important 11585 Important 11961 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10950 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11099 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11585 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11961 8.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10612 5002385 https://www.microsoft.com/download/details.aspx?familyid=573e6815-2892-4e90-81d1-3e427bdbf100 5002368 10950 Maybe Security Update 16.0.5391.1000 5002385 https://support.microsoft.com/help/5002385 10950 5002381 https://www.microsoft.com/download/details.aspx?familyid=c485894e-5124-4790-8369-7294ee65ce36 5002367 11099 Maybe Cumulative Update 15.0.5545.1000 5002383 https://www.microsoft.com/download/details.aspx?familyid=10ec5502-82fa-4d04-9d22-aaf10d55121a 5002367 11099 10612 Maybe Security Update 15.0.5545.1000 5002373 https://www.microsoft.com/download/details.aspx?familyid=5fe471e1-9dd2-470a-8f31-2ac295bc7e6f 5002358 11585 Maybe Security Update 16.0.10397.20002 5002375 https://www.microsoft.com/download/details.aspx?familyid=495e9477-de14-4af5-bf1f-9427dc64fd8c 5002355 11961 Maybe Security Update 16.0.16130.20314 5002375 https://support.microsoft.com/help/5002375 11961 <a href="https://twitter.com/chudypb">Piotr Bazydlo (@chudypb)</a> of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> 1.1 2023-06-15T07:00:00 <p>Added FAQ information. This is an informational change only.</p> Raw Image Extension Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update [https://www.microsoft.com/licensing/ServiceCenter/default.aspx).</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>What version of the Raw Image Extension is secure?</strong></p> <p>The secure version for operating systems running Windows 11 Build 22621 operating systems, is v2.1.60611.0 and later. The secure version for operating systems running Windows 10 and Windows 11 Build 18362 is v2.0.60612.0 and later.</p> <table> <thead> <tr> <th>Windows</th> <th>Build</th> <th>Raw Image</th> </tr> </thead> <tbody> <tr> <td>Window 11</td> <td>Build 22621</td> <td>Raw 2.1.60611.0</td> </tr> <tr> <td>Window 11</td> <td>Build 18362</td> <td>Raw 2.0.60612.0</td> </tr> <tr> <td>Window 10</td> <td>Build 18362</td> <td>Raw 2.0.60612.0</td> </tr> </tbody> </table> Windows Raw Image Extension Microsoft Yes CVE-2023-28291 Improper Input Validation 11804-11801 11804-11802 11804-11926 11804-11927 11804-11929 11804-11930 11804-11931 11804-12085 11804-12086 11804-10729 11804-10735 Remote Code Execution 11804-11801 Remote Code Execution 11804-11802 Remote Code Execution 11804-11926 Remote Code Execution 11804-11927 Remote Code Execution 11804-11929 Remote Code Execution 11804-11930 Remote Code Execution 11804-11931 Remote Code Execution 11804-12085 Remote Code Execution 11804-12086 Remote Code Execution 11804-10729 Remote Code Execution 11804-10735 Critical 11804-11801 Critical 11804-11802 Critical 11804-11926 Critical 11804-11927 Critical 11804-11929 Critical 11804-11930 Critical 11804-11931 Critical 11804-12085 Critical 11804-12086 Critical 11804-10729 Critical 11804-10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11801 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11802 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11926 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11927 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11929 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11930 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11931 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-12085 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-12086 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10729 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10735 Update Information 11804-11801 11804-11802 11804-11929 11804-11930 11804-11931 11804-12085 11804-12086 11804-10729 11804-10735 Maybe Security Update 2.1.60611.0 Update Information 11804-11926 11804-11927 Maybe Security Update 2.0.60612.0 ze0r with venustech ADLAB 1.0 2023-04-11T07:00:00 <p>Information published.</p> Raw Image Extension Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update [https://www.microsoft.com/licensing/ServiceCenter/default.aspx).</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>What version of the Raw Image Extension is secure?</strong></p> <p>The secure version for operating systems running Windows 11 Build 22621 operating systems, is v2.1.60611.0 and later. The secure version for operating systems running Windows 10 and Windows 11 Build 18362 is v2.0.60612.0 and later.</p> <table> <thead> <tr> <th>Windows</th> <th>Build</th> <th>Raw Image</th> </tr> </thead> <tbody> <tr> <td>Window 11</td> <td>Build 22621</td> <td>Raw 2.1.60611.0</td> </tr> <tr> <td>Window 11</td> <td>Build 18362</td> <td>Raw 2.0.60612.0</td> </tr> <tr> <td>Window 10</td> <td>Build 18362</td> <td>Raw 2.0.60612.0</td> </tr> </tbody> </table> Windows Raw Image Extension Microsoft Yes CVE-2023-28292 Heap-based Buffer Overflow 11804-11801 11804-11802 11804-11926 11804-11927 11804-11929 11804-11930 11804-11931 11804-12085 11804-12086 11804-10729 11804-10735 Remote Code Execution 11804-11801 Remote Code Execution 11804-11802 Remote Code Execution 11804-11926 Remote Code Execution 11804-11927 Remote Code Execution 11804-11929 Remote Code Execution 11804-11930 Remote Code Execution 11804-11931 Remote Code Execution 11804-12085 Remote Code Execution 11804-12086 Remote Code Execution 11804-10729 Remote Code Execution 11804-10735 Important 11804-11801 Important 11804-11802 Important 11804-11926 Important 11804-11927 Important 11804-11929 Important 11804-11930 Important 11804-11931 Important 11804-12085 Important 11804-12086 Important 11804-10729 Important 11804-10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-10735 Update Information 11804-11801 11804-11802 11804-11929 11804-11930 11804-11931 11804-12085 11804-12086 11804-10729 11804-10735 Maybe Security Update 2.1.60611.0 Update Information 11804-11926 11804-11927 Maybe Security Update 2.0.60612.0 ze0r with venustech ADLAB 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft Publisher Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> Microsoft Office Publisher Microsoft Yes CVE-2023-28295 Integer Overflow or Wraparound 11574 10750 11953 11952 11742 11573 11763 10609 10610 11762 10749 Remote Code Execution 11574 Remote Code Execution 10750 Remote Code Execution 11953 Remote Code Execution 11952 Remote Code Execution 11742 Remote Code Execution 11573 Remote Code Execution 11763 Remote Code Execution 10609 Remote Code Execution 10610 Remote Code Execution 11762 Remote Code Execution 10749 Important 11574 Important 10750 Important 11953 Important 11952 Important 11742 Important 11573 Important 11763 Important 10609 Important 10610 Important 11762 Important 10749 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10750 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11742 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10609 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10610 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10749 Click to Run 11574 11953 11952 11573 11763 11762 No Security Update https://aka.ms/OfficeSecurityReleases 5002221 https://www.microsoft.com/download/details.aspx?familyid=4d29f474-bcbb-4f37-8c4a-b308256fc6ce 4493152 10750 Maybe Security Update 16.0.5391.1000 5002213 4484347 11742 Maybe Security Update 15.0.5545.1000 5002213 https://www.microsoft.com/download/details.aspx?familyid=626c4460-f756-43f2-9613-dbe63c956a35 4484347 10609 Maybe Security Update 15.0.5545.1000 5002213 https://www.microsoft.com/download/details.aspx?familyid=7a14746f-4f06-4c6b-990c-cabc36ddeaf1 4484347 10610 Maybe Security Update 15.0.5545.1000 5002221 https://www.microsoft.com/download/details.aspx?familyid=41d1ecd5-c65f-43cb-89bd-39e8d9691723 4493152 10749 Maybe Security Update 16.0.5391.1000 Microsoft Word Team 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A locally authenticated attacker could exploit this vulnerability by running a specially crafted application which could enable the attacker to execute code with elevated permissions.</p> Windows RPC API Microsoft Yes CVE-2023-28297 Use After Free 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022286 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286 5021237 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.3887 5022286 https://support.microsoft.com/help/5022286 11568 11569 11570 11571 11572 5022291 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291 5021249 11923 11924 Yes Security Update 10.0.20348.1487 5022282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282 5021233 11801 11802 Yes Security Update 10.0.19042.2486 5022282 https://support.microsoft.com/help/5022282 11801 11802 11929 11930 11931 12097 12098 12099 5022287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287 5021234 11926 11927 Yes Security Update 10.0.22000.1455 5022282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282 5021233 11929 11930 11931 Yes Security Update 10.0.19044.2486 5022303 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303 5021255 12085 12086 Yes Security Update 10.0.22621.1105 5022303 https://support.microsoft.com/help/5022303 12085 12086 5022282 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282 5021233 12097 12098 12099 Yes Security Update 10.0.19045.2486 5022297 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297 5021243 10729 10735 Yes Security Update 10.0.10240.19685 5022289 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289 5021235 10852 10853 10816 10855 Yes Security Update 10.0.14393.5648 5022348 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348 5021285 10378 10379 Yes Monthly Rollup 6.2.9200.24075 5022348 https://support.microsoft.com/help/5022348 10378 10379 5022343 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343 10378 10379 Yes Security Only 6.2.9200.24075 5022343 https://support.microsoft.com/help/5022343 10378 10379 5022352 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352 5021294 10483 10543 Yes Monthly Rollup 6.3.9600.20778 5022352 https://support.microsoft.com/help/5022352 10483 10543 5022346 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346 10483 10543 Yes Security Only 6.3.9600.20778 5022346 https://support.microsoft.com/help/5022346 10483 10543 1.0 2023-04-11T07:00:00 <p>Information published. This CVE was addressed by updates that were released in January 2023, but the CVE was inadvertently omitted from the January 2023 Security Updates. This is an informational change only. Customers who have already installed the January 2023 updates do not need to take any further action.</p> Windows Kernel Denial of Service Vulnerability Windows Kernel Microsoft Yes CVE-2023-28298 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Abdelhamid Naceri 1.0 2023-04-11T07:00:00 <p>Information published.</p> Azure Service Connector Security Feature Bypass Vulnerability <p><strong>How can I update my Azure Service Connector to the latest version?</strong></p> <p>Azure Service Connector updates when Azure Command-Line Interface (CLI) is updated to the latest version. If you have automatic updates enabled (not enabled by default), no action is needed. For customers who manually update, please refer to <a href="https://learn.microsoft.com/en-us/cli/azure/update-azure-cli">How to update the Azure CLI</a> for instructions on how to update Azure CLI.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to chain other vulnerabilities in order to successfully gain unauthorized access to the target environment.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L).  What does that mean for this vulnerability?</strong></p> <p>An attacker must have RBAC Reader role access or above on the targeted Azure subscription to exploit this vulnerability. <strong>NOTE:</strong> The targeted product's authentication mechanisms (AuthZ and AuthN) are not affected and must be overcome to exploit this vulnerability.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>Azure Service Connector configures internal firewalls upon creation to safeguard connections and prevent unauthorized requests. An attacker who successfully exploits this vulnerability could bypass the firewall's restrictions enabling requests which are expected to be blocked, to succeed.</p> Azure Service Connector Microsoft Yes CVE-2023-28300 Improper Access Control 12177 Security Feature Bypass 12177 Important 12177 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12177 Release Notes https://learn.microsoft.com/en-us/cli/azure/update-azure-cli#manual-update 12177 Maybe Security Update 0.3.0 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28305 Use After Free 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Dynamics Microsoft Yes CVE-2023-28309 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11664 11921 Spoofing 11664 Spoofing 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11664 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5023896 https://www.microsoft.com/en-us/download/details.aspx?id=105152 11664 Maybe Security Update 9.0.46.15 5023894 https://www.microsoft.com/en-us/download/details.aspx?id=105151 11921 Maybe Security Update 9.1.17.29 Anonymous 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> Dynamics 365 Customer Voice Microsoft Yes CVE-2023-28313 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12176 Spoofing 12176 Important 12176 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 12176 Release Notes https://appsource.microsoft.com/en-us/product/dynamics-365/msfp.customervoicedistribution 12176 Maybe Security Update 9.0.0.7 <a href="https://twitter.com/kire_devs_hacks">Erik Donker</a> with <a href="https://vattenfall.com/">Vattenfall</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> 1.1 2023-04-11T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.2 2023-04-27T07:00:00 <p>Corrected Article links in the Security Updates table. This is an informational change only.</p> Windows Domain Name Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28223 Use After Free 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker would have to send the victim a malicious file that the victim would have to execute.</p> Microsoft Dynamics Microsoft Yes CVE-2023-28314 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11664 11921 Spoofing 11664 Spoofing 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5023896 https://www.microsoft.com/en-us/download/details.aspx?id=105152 11664 Maybe Security Update 9.0.46.15 5023894 https://www.microsoft.com/en-us/download/details.aspx?id=105151 11921 Maybe Security Update 9.1.17.29 <a href="https://batr.am/">batram</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> 1.1 2023-04-12T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> Visual Studio Code Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Visual Studio Code Microsoft Yes CVE-2023-24893 Improper Input Validation 11622 Remote Code Execution 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/Download 11622 Maybe Security Update 1.77.0 <a href="https://github.com/solid-snail">SolidSnail</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-24935 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 112.0.5615.49/50 <a href="https://twitter.com/agamimaulana">Muhammad R. Maulana</a> 1.0 2023-04-06T07:00:00 <p>Information published.</p> 1.1 2023-04-28T07:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> Microsoft Edge (Chromium-based) Tampering Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to first prepare the target so that the attacker is on the same network as potential victims.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-28301 11815 Tampering 11815 Low 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 3.7 3.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 112.0.5615.49/50 <a href="https://www.linkedin.com/in/lim4/">Rafael</a> with Google Vrp 1.1 2023-06-16T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1810 Heap buffer overflow in Visuals <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1810 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1811 Use after free in Frames <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1811 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1812 Out of bounds memory access in DOM Bindings <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1812 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1813 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1813 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1814 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1815 Use after free in Networking APIs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1815 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1816 Incorrect security UI in Picture In Picture <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1816 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1817 Insufficient policy enforcement in Intents <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1817 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1818 Use after free in Vulkan <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1818 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1819 Out of bounds read in Accessibility <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1819 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1820 Heap buffer overflow in Browser History <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1820 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1821 Inappropriate implementation in WebShare <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1821 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1822 Incorrect security UI in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1822 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Chromium: CVE-2023-1823 Inappropriate implementation in FedCM <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.34</td> <td>4/6/2023</td> <td>112.0.5615.49/50</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-1823 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.5615.49/50 1.0 2023-04-06T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.48</td> <td>4/15/2023</td> <td>112.0.5615.121</td> </tr> <tr> <td>109.01518.100</td> <td>4/24/2023</td> <td>109.0.5414.141</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this could bypass the Edge security warning message feature.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-29334 11655 Spoofing 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 112.0.1722.48 <a href="https://www.linkedin.com/in/sazzad-mahmud-tomal-4422b0236">Sazzad Mahmud Tomal</a> 1.0 2023-04-28T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.</p> Windows Message Queuing Microsoft Yes CVE-2023-21554 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> Haifei Li with <a href="https://research.checkpoint.com">Check Point Research</a> <a href="https://x9090.twitter.com/">Wayne Low of Fortinet&#39;s FortiGuard Lab</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24924 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24883 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24925 Use After Free 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-24884 Incorrect Conversion between Numeric Types 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-28219 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Layer 2 Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-28220 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to dial a PPPoE connection at the same time an attacker was attempting to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Windows Point-to-Point Protocol over Ethernet (PPPoE) Microsoft Yes CVE-2023-28224 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows NTLM Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> Windows NTLM Microsoft Yes CVE-2023-28225 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 Anonymous 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Enroll Engine Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass certificate validation during the account enrollment process.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to setup a new work or school account on their system while connected to a compromised network.</p> Windows Enroll Engine Microsoft Yes CVE-2023-28226 Improper Verification of Cryptographic Signature 11568 11569 11570 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Important 11568 Important 11569 Important 11570 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 Yes Security Update 10.0.14393.5850 Aapo Oksman with <a href="https://nixu.com/">Nixu Cybersecurity</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Bluetooth Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> Microsoft Bluetooth Driver Microsoft Yes CVE-2023-28227 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> cfj Keqi Hu 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Spoofing Vulnerability <p><strong>How could an attacker successfully exploit this vulnerability?</strong></p> <p>An attacker could convince a user on the target device to open a maliciously crafted HTA file designed to appear as a legitimately signed WIM file (Windows Imaging Format).</p> Windows RDP Client Microsoft Yes CVE-2023-28228 Improper Verification of Cryptographic Signature 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11570 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11801 Spoofing 11802 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://github.com/mattifestation">Matt Graeber</a> with <a href="https://redcanary.com/">Red Canary</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows CNG Key Isolation Service Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> Windows CNG Key Isolation Service Microsoft Yes CVE-2023-28229 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 k0shl of Kunlun Lab 1.0 2023-04-11T07:00:00 <p>Information published.</p> DHCP Server Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could leverage a specially crafted call to the DHCP service to exploit this vulnerability.</p> Windows DHCP Server Microsoft Yes CVE-2023-28231 Heap-based Buffer Overflow 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 YanZiShuang@BigCJTeam of cyberkl 1.0 2023-04-11T07:00:00 <p>Information published.</p> 1.1 2023-04-14T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability could be triggered when a user connects a Windows client to a malicious server.</p> Windows Point-to-Point Tunneling Protocol Microsoft Yes CVE-2023-28232 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Wei with Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Secure Channel Denial of Service Vulnerability <p><strong>Does this vulnerability affect all versions of TLS?</strong></p> <p>No. Only those devices running TLS 1.3 are affected. For more information on supported TLS implementations please visit: <a href="https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-">https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-</a></p> Windows Secure Channel Microsoft Yes CVE-2023-28233 11923 11924 11926 11927 12085 12086 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 <a href="https://twitter.com/trueunitysect">Quan Luo </a> with Codesafe Team of QI-ANXIN Legendsec Group 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Secure Channel Denial of Service Vulnerability <p><strong>Does this vulnerability affect all versions of TLS?</strong></p> <p>No. Only those devices running TLS 1.3 are affected. For more information on supported TLS implementations please visit: <a href="https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-">https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-</a></p> Windows Transport Security Layer (TLS) Microsoft Yes CVE-2023-28234 11923 11924 11926 11927 12085 12086 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 <a href="https://twitter.com/trueunitysect">Quan Luo </a> with Codesafe Team of QI-ANXIN Legendsec Group 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Lock Screen Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Windows Lock Screen security feature.</p> Windows Lock Screen Microsoft Yes CVE-2023-28235 11568 11569 11570 11571 11572 11801 11802 11929 11930 11931 12097 12098 12099 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11801 Important 11802 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 Naceri with MSRC Vulnerabilities & Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows ALPC Microsoft Yes CVE-2023-28236 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Kernel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> Windows Kernel Microsoft Yes CVE-2023-28237 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/laith_satari">Laith AL-Satari</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Internet Key Exchange (IKE) Protocol Microsoft Yes CVE-2023-28238 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>Only systems with the IKE and AuthIP IPsec Keying Modules running are vulnerable to this attack.</p> <p>You can run either of the following commands to check the running status of this service:</p> <p>PS: <code>C:\&amp;gt; Get-Service Ikeext</code></p> <ul> <li>OR</li> </ul> <p>Cmd: <code>C:\&amp;gt; sc query ikeext</code></p> <p>This mitigation could have negative affects on your IPSec functionality. Microsoft strongly recommends updating your system with the latest Windows security updates.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Network Load Balancing Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker on the same subnet as the target system would need to send a specially crafted packet to a server configured as a Network Load Balancing cluster host.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Windows Network Load Balancing Microsoft Yes CVE-2023-28240 Heap-based Buffer Overflow 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <p>A workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. The following workaround might be helpful in your situation:</p> <p><strong>Migrate from <a href="https://learn.microsoft.com/windows-server/networking/technologies/network-load-balancing">Network Load Balancing</a> to <a href="https://learn.microsoft.com/azure-stack/hci/concepts/software-load-balancer">Software Load Balancing</a>.</strong></p> <p>Microsoft recommends that customers using Network Load Balancing migrate their deployments to the newer Software Load Balancing solution.</p> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> <a href="https://twitter.com/b2ahex">b2ahex</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Microsoft Yes CVE-2023-28241 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Common Log File System Driver Microsoft Yes CVE-2023-28266 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://github.com/cbwang505">ChengBin Wang</a> with <a href="https://www.guolisec.com/">ZheJiang Guoli Security Technology</a> and <a href="https://ze0r/">ze0r</a> with Venustech ADLAB 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-28243 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 kap0k 1.0 2023-04-11T07:00:00 <p>Information published.</p> Remote Desktop Protocol Client Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability could be triggered when a user connects a Windows client to a malicious server.</p> Windows RDP Client Microsoft Yes CVE-2023-28267 Buffer Over-read 11568 11569 11570 11571 11572 11849 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11849 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11849 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 Release Notes https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-124157 11849 Maybe Security Update 1.2.4157.0 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Team BT5 (BoB 11th) working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Kerberos Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session key to elevate privileges.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges of the targeted user.</p> Windows Kerberos Microsoft Yes CVE-2023-28244 Use of a Broken or Risky Cryptographic Algorithm 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</p> <p>Systems running Windows Defender Credential Guard will block this attack.</p> John Askew with Terrapin Labs 1.0 2023-04-11T07:00:00 <p>Information published.</p> Netlogon RPC Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges of the targeted user.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A machine-in-the-middle (MITM) attacker could leverage cryptographic protocol vulnerabilities in the Windows Netlogon protocol when RPC Signing is used instead of RPC Sealing. Where RPC Signing is used instead of RPC Sealing the attacker could gain control of the service and then might be able to modify Netlogon protocol traffic to elevate their privileges.</p> Windows Netlogon Microsoft Yes CVE-2023-28268 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Radha Polaiah of NetApp 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Registry Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> Windows Registry Microsoft Yes CVE-2023-28246 Improper Access Control 11923 11924 11926 11927 12085 12086 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 12085 Elevation of Privilege 12086 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 STAR LABS 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Lock Screen Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The authentication feature could be bypassed as this vulnerability allows impersonation.</p> Windows Lock Screen Microsoft Yes CVE-2023-28270 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 Naceri with MSRC Vulnerabilities & Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Network File System Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Network File System Microsoft Yes CVE-2023-28247 Integer Underflow (Wrap or Wraparound) 11571 11572 11923 11924 10816 10855 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.</p> Windows Kernel Microsoft Yes CVE-2023-28248 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Kernel Memory Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.</p> Windows Kernel Microsoft Yes CVE-2023-28271 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-28272 Integer Underflow (Wrap or Wraparound) 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.</p> Windows PGM Microsoft Yes CVE-2023-28250 Integer Underflow (Wrap or Wraparound) 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Clip Service Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Clip Service Microsoft Yes CVE-2023-28273 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-28274 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11801 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11802 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11926 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11927 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12085 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12086 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12097 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12098 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12099 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 Anonymous 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2023-28252 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11801 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11802 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/oct0xor">Boris Larin (oct0xor)</a> with <a href="https://www.kaspersky.com/">Kaspersky</a> <a>Quan Jin</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html/">DBAPPSecurity WeBin Lab</a> Genwei Jiang with Mandiant 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via OLEDB (CVSS metric AV:N), which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2023-28275 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Anonymous 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Kernel Microsoft Yes CVE-2023-28253 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Andrei Vlad Lutas of Bitdefender <b> Alyssa Milburn and Ke Sun of Intel 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Group Policy Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The vulnerability would only prevent an admin from updating group policies during the time an attacker is performing a specific action; however, it would not prevent an admin from otherwise being able to update the policies.</p> Windows Group Policy Microsoft Yes CVE-2023-28276 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11568 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11569 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11570 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11571 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11572 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11923 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11924 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11801 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11802 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11926 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11927 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11929 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11930 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11931 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12085 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12086 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12097 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12098 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12099 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10729 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10735 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10852 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10853 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10816 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10855 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 9312 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10287 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 9318 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 9344 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10051 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10049 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10378 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10379 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10483 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Herbert Mauerer with Microsoft 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28254 Heap-based Buffer Overflow 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows DNS Server Information Disclosure Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28277 Integer Overflow or Wraparound 11923 11924 Information Disclosure 11923 Information Disclosure 11924 Important 11923 Important 11924 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.9 4.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28255 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28278 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28256 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> .NET DLL Hijacking Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> .NET Core Microsoft Yes CVE-2023-28260 12009 12130 12167 12129 12051 11969 12131 11970 Remote Code Execution 12009 Remote Code Execution 12130 Remote Code Execution 12167 Remote Code Execution 12129 Remote Code Execution 12051 Remote Code Execution 11969 Remote Code Execution 12131 Remote Code Execution 11970 Important 12009 Important 12130 Important 12167 Important 12129 Important 12051 Important 11969 Important 12131 Important 11970 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12009 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12130 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12167 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12129 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12131 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11970 5025915 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.16 5025916 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.5 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.5 12167 Maybe Security Update 17.5.4 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.7 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.15 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.21 Release Notes https://github.com/PowerShell/Announcements/issues/39 12131 Maybe Security Update 7.3.4 Release Notes https://github.com/PowerShell/Announcements/issues/39 11970 Maybe Security Update 7.2.11 <a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="http://www.iie.ac.cn/">VARAS@IIE</a> <a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="http://www.iie.ac.cn/">VARAS@IIE</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> 2.0 2023-04-13T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/39">https://github.com/PowerShell/Announcements/issues/39</a> for more information.</p> Visual Studio Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Visual Studio Microsoft Yes CVE-2023-28262 Heap-based Buffer Overflow 12051 11935 11969 12129 12167 Elevation of Privilege 12051 Elevation of Privilege 11935 Elevation of Privilege 11969 Elevation of Privilege 12129 Elevation of Privilege 12167 Important 12051 Important 11935 Important 11969 Important 12129 Important 12167 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11935 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12129 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12167 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.15 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.26 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.21 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.7 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.5 12167 Maybe Security Update 17.5.4 <a href="https://github.com/zeze-zeze">Zeze</a> with <a href="https://teamt5.org/">TeamT5</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Visual Studio Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability crosses the kernel security boundary and can lead to system information disclosure.</p> Visual Studio Microsoft Yes CVE-2023-28263 Improper Null Termination 12051 11935 11969 12129 12167 Information Disclosure 12051 Information Disclosure 11935 Information Disclosure 11969 Information Disclosure 12129 Information Disclosure 12167 Important 12051 Important 11935 Important 11969 Important 12129 Important 12167 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12051 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11935 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11969 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12129 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12167 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.15 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.26 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.21 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.7 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.5 12167 Maybe Security Update 17.5.4 <a href="https://github.com/zeze-zeze">Zeze</a> with <a href="https://teamt5.org/">TeamT5</a> 1.1 2023-06-13T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Microsoft Yes CVE-2023-28293 Integer Underflow (Wrap or Wraparound) 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Visual Studio Microsoft Yes CVE-2023-28296 Double Free 11600 12051 11935 11969 12129 12167 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Remote Code Execution 12167 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12167 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11600 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11935 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12129 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12167 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.54 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.15 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.26 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.21 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.7 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.5 12167 Maybe Security Update 17.5.4 kap0k 1.1 2023-04-12T07:00:00 <p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Visual Studio Spoofing Vulnerability Visual Studio Microsoft Yes CVE-2023-28299 11600 12051 11935 11969 12129 12167 Spoofing 11600 Spoofing 12051 Spoofing 11935 Spoofing 11969 Spoofing 12129 Spoofing 12167 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Important 12167 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11600 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12051 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11935 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11969 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12129 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 12167 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.54 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.15 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.26 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.21 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.7 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.5 12167 Maybe Security Update 17.5.4 Dolev Taler with Varonis 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Active Directory Microsoft Yes CVE-2023-28302 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Haifei Li with <a href="https://research.checkpoint.com">Check Point Research</a> <a href="https://x9090.twitter.com/">Wayne Low of Fortinet&#39;s FortiGuard Lab</a> <a href="https://twitter.com/baixia4">Jarvis_1oop</a> Bing Sun with Trellix Advanced Research Center 1.0 2023-04-11T07:00:00 <p>Information published.</p> 1.1 2023-05-23T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Microsoft ODBC and OLE DB Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server from <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718</a>. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft ODBC Driver 17 or 18 for SQL Server or Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this security bulletin, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft ODBC Driver 17 or 18 for SQL Server or Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this security bulletin, which provide protection against this vulnerability.</p> SQL Server Microsoft Yes CVE-2023-28304 Improper Input Validation 12179 12181 12180 12178 Remote Code Execution 12179 Remote Code Execution 12181 Remote Code Execution 12180 Remote Code Execution 12178 Important 12179 Important 12181 Important 12180 Important 12178 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12179 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12181 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12180 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12178 Release Notes https://learn.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16#version-17 12179 Maybe Security Update 17.10.3.1 Release Notes https://learn.microsoft.com/en-us/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server?view=sql-server-ver16#previous-releases 12181 Maybe Security Update 18.6.5 Release Notes https://learn.microsoft.com/en-us/sql/connect/oledb/download-oledb-driver-for-sql-server?view=sql-server-ver16 12180 Maybe Security Update 19.3.0 Release Notes https://learn.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16#download-for-windows 12178 Maybe Security Update 18.2.1.1 <a href="https://twitter.com/sagitz_">Sagi Tzadik</a> with <a href="https://www.wiz.io/">Wiz.io</a> 1.1 2023-05-16T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.2 2023-10-11T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28306 Use After Free 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28307 Use After Free 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Microsoft Windows DNS Microsoft Yes CVE-2023-28308 Use After Free 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10816 10855 Yes Security Update 10.0.14393.5850 5025271 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025271 5023755 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22015 5025271 https://support.microsoft.com/help/5025271 9312 10287 9318 9344 5025273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025273 9312 10287 9318 9344 Yes Security Only 6.0.6003.22015 5025273 https://support.microsoft.com/help/5025273 9312 10287 9318 9344 5025279 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025279 5023769 10051 10049 Yes Monthly Rollup 6.1.7601.26466 5025279 https://support.microsoft.com/help/5025279 10051 10049 5025277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025277 10051 10049 Yes Security Only 6.1.7601.26466 5025277 https://support.microsoft.com/help/5025277 10051 10049 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Microsoft Office Word Microsoft Yes CVE-2023-28311 Heap-based Buffer Overflow 11575 11762 11763 11951 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Important 11575 Important 11762 Important 11763 Important 11951 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.72.23040900 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> Azure Machine Learning Information Disclosure Vulnerability <p><strong>How do I check my Azure Machine Learning Compute Instance runtime version?</strong></p> <p>To determine your runtime version, make a GET compute rest API call for your compute instance, then check the response. You can find the runtime version from field *versions.runtime. *</p> <p>Please view additional details here: <a href="https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/get">https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/get</a></p> <p><strong>How do I update my Azure Machine Learning Compute Instance runtime version?</strong></p> <p>Please reference the guidance provided here: <a href="https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/update">https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/update</a></p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose system logs but does not allow the attacker to modify any data or make the service unavailable.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could access the system logs.</p> Azure Machine Learning Microsoft Yes CVE-2023-28312 Improper Access Control 12152 Information Disclosure 12152 Important 12152 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12152 Release Notes https://learn.microsoft.com/en-us/rest/api/azureml/2022-10-01/compute/update?tabs=HTTP 12152 Maybe Security Update 3.0.02199.0001 Nitesh Surana (@_niteshsurana) of Project Nebula <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-04-11T07:00:00 <p>Information published.</p> 1.1 2023-08-22T07:00:00 <p>Corrected one or more links in the FAQ. This is an informational change only.</p> Windows Boot Manager Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot to run unauthorized code. To be successful the attacker would need either physical access or administrator privileges.</p> Windows Boot Manager Microsoft Yes CVE-2023-28269 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Zammis Clark 1.0 2023-04-11T07:00:00 <p>Information published.</p> Windows Boot Manager Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot to run unauthorized code. To be successful the attacker would need either physical access or administrator privileges.</p> Windows Boot Manager Microsoft Yes CVE-2023-28249 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11801 Security Feature Bypass 11802 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.2 5.4 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5025229 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025229 5023702 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4252 5025229 https://support.microsoft.com/help/5025229 11568 11569 11570 11571 11572 5025230 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025230 5023705 11923 11924 Yes Security Update 10.0.20348.1668 5025230 https://support.microsoft.com/help/5025230 11923 11924 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11801 11802 Yes Security Update 10.0.19042.2846 5025221 https://support.microsoft.com/help/5025221 11801 11802 11929 11930 11931 12097 12098 12099 5025224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025224 5023698 11926 11927 Yes Security Update 10.0.22000.1817 5025224 https://support.microsoft.com/help/5025224 11926 11927 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 11929 11930 11931 Yes Security Update 10.0.19044.2846 5025239 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025239 5023706 12085 12086 Yes Security Update 10.0.22621.1555 5025239 https://support.microsoft.com/help/5025239 12085 12086 5025221 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025221 5023696 12097 12098 12099 Yes Security Update 10.0.19045.2846 5025234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025234 5023713 10729 10735 Yes Security Update 10.0.10240.19869 5025228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025228 5023697 10852 10853 10816 10855 Yes Security Update 10.0.14393.5850 5025287 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025287 5023769 10378 10379 Yes Monthly Rollup 6.2.9200.24216 5025272 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025272 10378 10379 Yes Security Only 6.2.9200.24216 5025285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025285 5023765 10483 10543 Yes Monthly Rollup 6.3.9600.20919 5025288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5025288 10483 10543 Yes Security Only 6.3.9600.20919 Zammis Clark 1.0 2023-04-11T07:00:00 <p>Information published.</p> Microsoft Defender Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Windows Defender detection with a specially crafted file.</p> <table> <thead> <tr> <th>References</th> <th>Identification</th> </tr> </thead> <tbody> <tr> <td>Last version of the Microsoft Malware Protection Platform affected by this vulnerability</td> <td>Version 4.18.2302.7</td> </tr> <tr> <td>First version of the Microsoft Malware Protection Platform with this vulnerability addressed</td> <td>Version 4.18.2303.8</td> </tr> </tbody> </table> <p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p> <p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p> <p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p> <p><strong>Why is no action required to install this update?</strong></p> <p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p> <p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p> <p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Platform updates and malware definitions, is working as expected in their environment.</p> <p><strong>How often are the Microsoft Malware Protection Platform and malware definitions updated?</strong></p> <p>Microsoft typically releases an update for the Microsoft Malware Protection Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p> <p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p> <p><strong>What is the Microsoft Malware Protection Platform?</strong></p> <p>The Microsoft Malware Protection Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats.</p> <p><strong>Windows Defender uses the Microsoft Malware Protection Platform. On which products is Defender installed and active by default?</strong></p> <p>Defender runs on all supported version of Windows.</p> <p><strong>Are there other products that use the Microsoft Malware Protection Platform?</strong></p> <p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p> <p><strong>Does this update contain any additional security-related changes to functionality?</strong></p> <p>Yes.  In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p> <h2 id="suggested-actions">Suggested Actions</h2> <p><strong>Verify that the update is installed</strong></p> <p>Customers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p> <ol> <li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li> <li>In the navigation pane, select Virus &amp; threat protection.</li> <li>Under Virus &amp; threat protection updates in the main window, select Check for updates</li> <li>Select Check for updates again.</li> <li>In the navigation pane, select Settings, and then select About.</li> <li>Examine the Platform Version number. The update was successfully installed if the Malware Protection Platform version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li> </ol> Windows Defender Microsoft Yes CVE-2023-24934 Missing Authentication for Critical Function 12183 Security Feature Bypass 12183 Important 12183 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.2 5.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12183 Release Notes 12183 No Security Update 4.18.2303.8 Tomer Bar and Omer Attias with <a href="https://safebreach.com/">SafeBreach</a> 1.1 2023-04-18T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.0 2023-04-14T07:00:00 <p>Information published. This CVE was addressed by updates that were released in April 2023, but the CVE was inadvertently omitted from the April 2023 Security Updates. This is an informational change only. Customers who have already installed the April 2023 updates do not need to take any further action.</p> 1.2 2023-04-19T07:00:00 <p>Updated the products listed in the Security Updates table. This is an informational change only.</p> 1.3 2023-04-27T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Chromium: CVE-2023-2133 Out of bounds memory access in Service Worker API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.58</td> <td>4/21/2023</td> <td>112.0.5615.137</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2133 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.1722.58 1.0 2023-04-20T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2134 Out of bounds memory access in Service Worker API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.58</td> <td>4/21/2023</td> <td>112.0.5615.137</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2134 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.1722.58 1.0 2023-04-20T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2135 Use after free in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.58</td> <td>4/21/2023</td> <td>112.0.5615.137</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2135 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.1722.58 1.0 2023-04-20T07:00:00 <p>Information published.</p> Chromium: CVE-2023-2137 Heap buffer overflow in sqlite <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>112.0.1722.58</td> <td>4/21/2023</td> <td>112.0.5615.137</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-2137 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 112.0.1722.58 1.0 2023-04-20T07:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1079 https://nvd.nist.gov/vuln/detail/CVE-2023-1079 https://nvd.nist.gov/vuln/detail/CVE-2023-1079 https://nvd.nist.gov/vuln/detail/CVE-2023-1079 Mariner secalert@redhat.com Yes CVE-2023-1079 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 6.8 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 6.8 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 6.8 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 6.8 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12139 kernel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 kernel 12140 kernel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 1.0 2023-04-01T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-28448 https://nvd.nist.gov/vuln/detail/CVE-2023-28448 https://nvd.nist.gov/vuln/detail/CVE-2023-28448 https://nvd.nist.gov/vuln/detail/CVE-2023-28448 Mariner security-advisories@github.com Yes CVE-2023-28448 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 cloud-hypervisor 12139 cloud-hypervisor-30.0-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 30.0-2 cloud-hypervisor 12140 CBL-Mariner 30.0-2 cloud-hypervisor 12137 cloud-hypervisor-22.0-2.cm1.x86_64.rpm 0001-01-01T00:00:00 cloud-hypervisor-debuginfo-22.0-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 22.0-2 cloud-hypervisor 12138 CBL-Mariner 22.0-2 1.0 2023-04-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-25882 https://nvd.nist.gov/vuln/detail/CVE-2022-25882 Mariner report@snyk.io Yes CVE-2022-25882 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 12140 pytorch 12139 python3-pytorch-2.0.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-pytorch-doc-2.0.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 pytorch-debuginfo-2.0.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.0.0-1 pytorch 12140 python3-pytorch-2.0.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-pytorch-doc-2.0.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 pytorch-debuginfo-2.0.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.0.0-1 1.0 2023-04-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1513 https://nvd.nist.gov/vuln/detail/CVE-2023-1513 https://nvd.nist.gov/vuln/detail/CVE-2023-1513 https://nvd.nist.gov/vuln/detail/CVE-2023-1513 Mariner secalert@redhat.com Yes CVE-2023-1513 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 12139 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 12140 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 12137 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 12138 kernel 12139 kernel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 kernel 12140 kernel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 1.0 2023-04-05T00:00:00 <p>Information published.</p> 1.1 2023-04-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-28642 https://nvd.nist.gov/vuln/detail/CVE-2023-28642 https://nvd.nist.gov/vuln/detail/CVE-2023-28642 https://nvd.nist.gov/vuln/detail/CVE-2023-28642 Mariner security-advisories@github.com Yes CVE-2023-28642 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 moby-runc 12137 moby-runc-1.1.5+azure-1.cm1.x86_64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5+azure-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5+azure-1 moby-runc 12138 moby-runc-1.1.5+azure-1.cm1.aarch64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5+azure-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5+azure-1 moby-runc 12139 moby-runc-1.1.5-1.cm2.x86_64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5-1 moby-runc 12140 moby-runc-1.1.5-1.cm2.aarch64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5-1 1.0 2023-04-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-25809 https://nvd.nist.gov/vuln/detail/CVE-2023-25809 https://nvd.nist.gov/vuln/detail/CVE-2023-25809 https://nvd.nist.gov/vuln/detail/CVE-2023-25809 Mariner security-advisories@github.com Yes CVE-2023-25809 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 12137 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 12138 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 12139 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 12140 moby-runc 12137 moby-runc-1.1.5+azure-1.cm1.x86_64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5+azure-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5+azure-1 moby-runc 12138 moby-runc-1.1.5+azure-1.cm1.aarch64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5+azure-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5+azure-1 moby-runc 12139 moby-runc-1.1.5-1.cm2.x86_64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5-1 moby-runc 12140 moby-runc-1.1.5-1.cm2.aarch64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5-1 1.0 2023-04-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 Mariner secalert@redhat.com Yes CVE-2022-4899 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 zstd 12139 zstd-1.5.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 zstd-devel-1.5.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 zstd-libs-1.5.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 zstd-doc-1.5.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 zstd-debuginfo-1.5.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.5.4-1 zstd 12140 zstd-1.5.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 zstd-devel-1.5.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 zstd-libs-1.5.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 zstd-doc-1.5.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 zstd-debuginfo-1.5.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.5.4-1 1.0 2023-04-01T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-40133 https://nvd.nist.gov/vuln/detail/CVE-2022-40133 Mariner security@openanolis.org Yes CVE-2022-40133 12139 12140 12139 12140 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 hyperv-daemons 12139 hyperv-daemons-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.2-1 hyperv-daemons 12140 hyperv-daemons-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.2-1 1.0 2023-04-24T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-23006 https://nvd.nist.gov/vuln/detail/CVE-2023-23006 Mariner cve@mitre.org Yes CVE-2023-23006 12137 12138 12137 12138 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 1.0 2023-03-14T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-28486 https://nvd.nist.gov/vuln/detail/CVE-2023-28486 Mariner cve@mitre.org Yes CVE-2023-28486 12137 12138 12137 12138 12137 12138 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12138 sudo 12137 sudo-1.9.13p3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 sudo-debuginfo-1.9.13p3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.13p3-1 sudo 12138 sudo-1.9.13p3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 sudo-debuginfo-1.9.13p3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.13p3-1 1.0 2023-03-22T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1355 https://nvd.nist.gov/vuln/detail/CVE-2023-1355 Mariner security@huntr.dev Yes CVE-2023-1355 12137 12138 12137 12138 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 vim 12137 vim-9.0.1402-1.cm1.x86_64.rpm 0001-01-01T00:00:00 vim-extra-9.0.1402-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.1402-1 vim 12138 vim-9.0.1402-1.cm1.aarch64.rpm 0001-01-01T00:00:00 vim-extra-9.0.1402-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.1402-1 1.0 2023-03-22T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2869 https://nvd.nist.gov/vuln/detail/CVE-2022-2869 https://nvd.nist.gov/vuln/detail/CVE-2022-2869 https://nvd.nist.gov/vuln/detail/CVE-2022-2869 Mariner secalert@redhat.com Yes CVE-2022-2869 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12138 libtiff-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12139 libtiff-4.5.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12140 libtiff-4.5.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 1.0 2022-08-20T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-28425 https://nvd.nist.gov/vuln/detail/CVE-2023-28425 https://nvd.nist.gov/vuln/detail/CVE-2023-28425 https://nvd.nist.gov/vuln/detail/CVE-2023-28425 Mariner security-advisories@github.com Yes CVE-2023-28425 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 redis 12137 redis-6.2.11-1.cm1.x86_64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.11-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.11-1 redis 12138 redis-6.2.11-1.cm1.aarch64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.11-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.11-1 redis 12139 redis-6.2.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.12-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.12-1 redis 12140 redis-6.2.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 redis-debuginfo-6.2.12-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.2.12-1 1.0 2023-03-24T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-45955 https://nvd.nist.gov/vuln/detail/CVE-2021-45955 Mariner cve@mitre.org Yes CVE-2021-45955 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 dnsmasq 12139 dnsmasq-2.89-2.cm2.x86_64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-2 dnsmasq 12140 dnsmasq-2.89-2.cm2.aarch64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-2 1.0 2022-03-16T00:00:00 <p>Information published.</p> 1.1 2023-04-16T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2021-45957 https://nvd.nist.gov/vuln/detail/CVE-2021-45957 Mariner cve@mitre.org Yes CVE-2021-45957 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 dnsmasq 12139 dnsmasq-2.89-2.cm2.x86_64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-2 dnsmasq 12140 dnsmasq-2.89-2.cm2.aarch64.rpm 0001-01-01T00:00:00 dnsmasq-debuginfo-2.89-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.89-2 1.0 2022-03-16T00:00:00 <p>Information published.</p> 1.1 2023-04-16T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1281 https://nvd.nist.gov/vuln/detail/CVE-2023-1281 https://nvd.nist.gov/vuln/detail/CVE-2023-1281 https://nvd.nist.gov/vuln/detail/CVE-2023-1281 Mariner security@google.com Yes CVE-2023-1281 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12139 kernel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 kernel 12140 kernel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 1.0 2023-03-25T00:00:00 <p>Information published.</p> 1.1 2023-04-16T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-48424 https://nvd.nist.gov/vuln/detail/CVE-2022-48424 https://nvd.nist.gov/vuln/detail/CVE-2022-48424 https://nvd.nist.gov/vuln/detail/CVE-2022-48424 Mariner cve@mitre.org Yes CVE-2022-48424 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12139 kernel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 kernel 12140 kernel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 kernel 12137 kernel-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.183.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.183.1-1 kernel 12138 kernel-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.183.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.183.1-1 1.0 2023-03-25T00:00:00 <p>Information published.</p> 1.1 2023-04-16T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-27561 https://nvd.nist.gov/vuln/detail/CVE-2023-27561 https://nvd.nist.gov/vuln/detail/CVE-2023-27561 https://nvd.nist.gov/vuln/detail/CVE-2023-27561 Mariner cve@mitre.org Yes CVE-2023-27561 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 moby-runc 12137 moby-runc-1.1.5+azure-1.cm1.x86_64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5+azure-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5+azure-1 moby-runc 12138 moby-runc-1.1.5+azure-1.cm1.aarch64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5+azure-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5+azure-1 moby-runc 12139 moby-runc-1.1.5-1.cm2.x86_64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5-1 moby-runc 12140 moby-runc-1.1.5-1.cm2.aarch64.rpm 0001-01-01T00:00:00 moby-runc-debuginfo-1.1.5-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.5-1 1.0 2023-03-11T00:00:00 <p>Information published.</p> 1.1 2023-04-22T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-8908 Mariner security@google.com Yes CVE-2020-8908 12139 12140 12139 12140 12139 12140 DOS:N/A 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 12139 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 12140 guava 12139 12140 guava-25.0-7.cm2.noarch.rpm 0001-01-01T00:00:00 guava-javadoc-25.0-7.cm2.noarch.rpm 0001-01-01T00:00:00 guava-testlib-25.0-7.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 25.0-7 1.0 2023-04-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-37601 https://nvd.nist.gov/vuln/detail/CVE-2022-37601 Mariner cve@mitre.org Yes CVE-2022-37601 12139 12140 12139 12140 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 reaper 12139 reaper-3.1.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.1.1-3 reaper 12140 CBL-Mariner 3.1.1-3 1.0 2023-04-19T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-22997 https://nvd.nist.gov/vuln/detail/CVE-2023-22997 https://nvd.nist.gov/vuln/detail/CVE-2023-22997 https://nvd.nist.gov/vuln/detail/CVE-2023-22997 Mariner cve@mitre.org Yes CVE-2023-22997 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12139 kernel-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.111.1-1 kernel 12140 kernel-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.111.1-1 1.0 2023-03-07T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-23005 https://nvd.nist.gov/vuln/detail/CVE-2023-23005 https://nvd.nist.gov/vuln/detail/CVE-2023-23005 https://nvd.nist.gov/vuln/detail/CVE-2023-23005 Mariner cve@mitre.org Yes CVE-2023-23005 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12139 kernel-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.111.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.111.1-1 kernel 12140 kernel-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.111.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.111.1-1 1.0 2023-03-14T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-28487 https://nvd.nist.gov/vuln/detail/CVE-2023-28487 Mariner cve@mitre.org Yes CVE-2023-28487 12137 12138 12137 12138 12137 12138 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 12138 sudo 12137 sudo-1.9.13p3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 sudo-debuginfo-1.9.13p3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.13p3-1 sudo 12138 sudo-1.9.13p3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 sudo-debuginfo-1.9.13p3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.9.13p3-1 1.0 2023-03-22T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2867 https://nvd.nist.gov/vuln/detail/CVE-2022-2867 https://nvd.nist.gov/vuln/detail/CVE-2022-2867 https://nvd.nist.gov/vuln/detail/CVE-2022-2867 Mariner secalert@redhat.com Yes CVE-2022-2867 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12138 libtiff-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12139 libtiff-4.5.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12140 libtiff-4.5.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 1.0 2022-08-19T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2868 https://nvd.nist.gov/vuln/detail/CVE-2022-2868 https://nvd.nist.gov/vuln/detail/CVE-2022-2868 https://nvd.nist.gov/vuln/detail/CVE-2022-2868 Mariner secalert@redhat.com Yes CVE-2022-2868 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12138 libtiff-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12139 libtiff-4.5.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 libtiff 12140 libtiff-4.5.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.0-1 1.0 2022-08-19T00:00:00 <p>Information published.</p> 1.1 2023-04-15T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-46176 https://nvd.nist.gov/vuln/detail/CVE-2022-46176 Mariner security-advisories@github.com Yes CVE-2022-46176 12139 12140 12139 12140 12139 12140 DOS:N/A 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 12139 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 12140 rust 12139 rust-1.68.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 rust-doc-1.68.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 rust-debuginfo-1.68.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.68.2-1 rust 12140 rust-1.68.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 rust-doc-1.68.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 rust-debuginfo-1.68.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.68.2-1 1.0 2023-01-17T00:00:00 <p>Information published.</p> 1.1 2023-04-16T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-48423 https://nvd.nist.gov/vuln/detail/CVE-2022-48423 Mariner cve@mitre.org Yes CVE-2022-48423 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 kernel 12140 kernel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.102.1-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.102.1-3 1.0 2023-03-25T00:00:00 <p>Information published.</p> 1.1 2023-04-16T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1390 https://nvd.nist.gov/vuln/detail/CVE-2023-1390 Mariner secalert@redhat.com Yes CVE-2023-1390 12137 12138 12137 12138 12137 12138 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 1.0 2023-03-25T00:00:00 <p>Information published.</p> 1.1 2023-04-17T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-26604 https://nvd.nist.gov/vuln/detail/CVE-2023-26604 Mariner cve@mitre.org Yes CVE-2023-26604 12137 12138 12137 12138 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 systemd 12137 systemd-239-44.cm1.x86_64.rpm 0001-01-01T00:00:00 systemd-devel-239-44.cm1.x86_64.rpm 0001-01-01T00:00:00 systemd-lang-239-44.cm1.x86_64.rpm 0001-01-01T00:00:00 systemd-debuginfo-239-44.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 239-44 systemd 12138 systemd-239-44.cm1.aarch64.rpm 0001-01-01T00:00:00 systemd-devel-239-44.cm1.aarch64.rpm 0001-01-01T00:00:00 systemd-lang-239-44.cm1.aarch64.rpm 0001-01-01T00:00:00 systemd-debuginfo-239-44.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 239-44 1.0 2023-03-11T00:00:00 <p>Information published.</p> 1.1 2023-04-22T00:00:00 <p>Information published.</p> Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read https://nvd.nist.gov/vuln/detail/CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985 <p>This CVE was assigned by Mitre. Some Microsoft products consume <a href="https://lua.org/about.html">Lau open-source software</a>. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability.</p> <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in <a href="https://lua.org/about.html">Lau open-source software</a> which is consumed by Microsoft Windows. It is being documented in the Security Update Guide to announce that the latest builds of Windows are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> Open Source Software Mitre Yes CVE-2021-45985 Dependency on Vulnerable Third-Party Component 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 12436 12437 12139 12356 12357 12140 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 12437 12139 12356 12357 12140 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 12437 12139 12356 12357 12140 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12139 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12356 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12357 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12140 5044281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044281 5042881 11923 11924 Yes Security Update 10.0.20348.2762 5044281 https://support.microsoft.com/help/5044281 11923 11924 5044273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044273 5043064 11929 11930 11931 Yes Security Update 10.0.19044.5011 5044273 https://support.microsoft.com/help/5044273 11929 11930 11931 12097 12098 12099 5044285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044285 5043076 12085 12086 Yes Security Update 10.0.22621.4317 5044273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044273 5043064 12097 12098 12099 Yes Security Update 10.0.19045.5011 5044285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044285 5043076 12242 12243 Yes Security Update 10.0.22631.4317 5044288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044288 5043055 12244 Yes Security Update 10.0.25398.1189 5044288 https://support.microsoft.com/help/5044288 12244 5050009 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050009 5048667 12389 12390 12436 12437 Yes Security Update 10.0.26100.2894 5050009 https://support.microsoft.com/help/5050009 12389 12390 12436 12437 lua 12139 lua-5.4.3-5.cm2.x86_64.rpm 0001-01-01T00:00:00 lua-devel-5.4.3-5.cm2.x86_64.rpm 0001-01-01T00:00:00 lua-libs-5.4.3-5.cm2.x86_64.rpm 0001-01-01T00:00:00 lua-static-5.4.3-5.cm2.x86_64.rpm 0001-01-01T00:00:00 lua-debuginfo-5.4.3-5.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.4.3-5 memcached 12139 memcached-1.6.13-3.cm2.x86_64.rpm 0001-01-01T00:00:00 memcached-devel-1.6.13-3.cm2.x86_64.rpm 0001-01-01T00:00:00 memcached-debuginfo-1.6.13-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.13-3 ntopng 12139 ntopng-5.2.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 ntopng-debuginfo-5.2.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.2.1-2 ntopng 12356 ntopng-5.2.1-3.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.2.1-2 ntopng 12357 ntopng-5.2.1-3.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.2.1-2 lua 12140 lua-5.4.3-5.cm2.aarch64.rpm 0001-01-01T00:00:00 lua-devel-5.4.3-5.cm2.aarch64.rpm 0001-01-01T00:00:00 lua-libs-5.4.3-5.cm2.aarch64.rpm 0001-01-01T00:00:00 lua-static-5.4.3-5.cm2.aarch64.rpm 0001-01-01T00:00:00 lua-debuginfo-5.4.3-5.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.4.3-5 memcached 12140 memcached-1.6.13-3.cm2.aarch64.rpm 0001-01-01T00:00:00 memcached-devel-1.6.13-3.cm2.aarch64.rpm 0001-01-01T00:00:00 memcached-debuginfo-1.6.13-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.13-3 ntopng 12140 ntopng-5.2.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 ntopng-debuginfo-5.2.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.2.1-2 2.0 2025-01-14T08:00:00 <p>The following updates have been made: 1) Added Windows Software to the Security Updates table. Microsoft recommends updating to the latest version of their Windows operating system. 2) Added an FAQ to describe further actions customers need to take to be protected from this vulnerability.</p> 1.0 2023-04-14T07:00:00 <p>Information published.</p> 1.1 2023-04-18T07:00:00 <p>Added memcached to CBL-Mariner 2.0 Added ntopng to CBL-Mariner 2.0</p>