February 2023 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2023-Feb 2023-Feb Final 1.0 78 2026-03-03T01:35:31 February 2023 Security Updates 2023-02-14T08:00:00 2026-03-03T01:35:31 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of security updates for the following products, features and roles.</p> <ul> <li>.NET and Visual Studio</li> <li>.NET Framework</li> <li>3D Builder</li> <li>Azure App Service</li> <li>Azure Data Box Gateway</li> <li>Azure DevOps</li> <li>Azure Machine Learning</li> <li>HoloLens</li> <li>Internet Storage Name Service</li> <li>Microsoft Defender for Endpoint</li> <li>Microsoft Defender for IoT</li> <li>Microsoft Dynamics</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Exchange Server</li> <li>Microsoft Graphics Component</li> <li>Microsoft Office</li> <li>Microsoft Office OneNote</li> <li>Microsoft Office Publisher</li> <li>Microsoft Office SharePoint</li> <li>Microsoft Office Word</li> <li>Microsoft PostScript Printer Driver</li> <li>Microsoft WDAC OLE DB provider for SQL</li> <li>Microsoft Windows Codecs Library</li> <li>Power BI</li> <li>SQL Server</li> <li>Visual Studio</li> <li>Windows Active Directory</li> <li>Windows ALPC</li> <li>Windows Common Log File System Driver</li> <li>Windows Cryptographic Services</li> <li>Windows Distributed File System (DFS)</li> <li>Windows Fax and Scan Service</li> <li>Windows HTTP.sys</li> <li>Windows Installer</li> <li>Windows iSCSI</li> <li>Windows Kerberos</li> <li>Windows MSHTML Platform</li> <li>Windows ODBC Driver</li> <li>Windows Protected EAP (PEAP)</li> <li>Windows SChannel</li> <li>Windows Win32K</li> </ul> <p>Please note the following information regarding the security updates:</p> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 6, 2023</td> <td><a href="https://msrc-blog.microsoft.com/2023/01/06/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>December 29, 2022</td> <td><a href="https://msrc-blog.microsoft.com/2022/12/29/security-update-guide-improvement-representing-hotpatch-updates/">Security Update Guide Improvement – Representing Hotpatch Updates</a></td> </tr> <tr> <td>August 9, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile2">Security Update Guide Notification System News: Create your profile now</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-information">Relevant Information</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2> <p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-15126">CVE-2019-15126</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21528">CVE-2023-21528</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21529">CVE-2023-21529</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21553">CVE-2023-21553</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21564">CVE-2023-21564</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21566">CVE-2023-21566</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21567">CVE-2023-21567</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21568">CVE-2023-21568</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21570">CVE-2023-21570</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21571">CVE-2023-21571</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21572">CVE-2023-21572</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21573">CVE-2023-21573</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21684">CVE-2023-21684</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21685">CVE-2023-21685</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21686">CVE-2023-21686</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21687">CVE-2023-21687</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21688">CVE-2023-21688</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21689">CVE-2023-21689</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21690">CVE-2023-21690</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21691">CVE-2023-21691</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21692">CVE-2023-21692</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21693">CVE-2023-21693</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21694">CVE-2023-21694</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21695">CVE-2023-21695</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21697">CVE-2023-21697</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21699">CVE-2023-21699</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21700">CVE-2023-21700</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21703">CVE-2023-21703</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21704">CVE-2023-21704</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21705">CVE-2023-21705</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21706">CVE-2023-21706</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21707">CVE-2023-21707</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21710">CVE-2023-21710</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21713">CVE-2023-21713</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21714">CVE-2023-21714</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21715">CVE-2023-21715</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21716">CVE-2023-21716</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21717">CVE-2023-21717</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21718">CVE-2023-21718</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21720">CVE-2023-21720</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21721">CVE-2023-21721</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21722">CVE-2023-21722</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21777">CVE-2023-21777</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21778">CVE-2023-21778</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21794">CVE-2023-21794</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21797">CVE-2023-21797</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21798">CVE-2023-21798</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21799">CVE-2023-21799</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21800">CVE-2023-21800</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21801">CVE-2023-21801</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21802">CVE-2023-21802</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21803">CVE-2023-21803</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21804">CVE-2023-21804</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21805">CVE-2023-21805</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21806">CVE-2023-21806</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21807">CVE-2023-21807</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21808">CVE-2023-21808</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21809">CVE-2023-21809</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21812">CVE-2023-21812</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21815">CVE-2023-21815</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21817">CVE-2023-21817</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21820">CVE-2023-21820</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21822">CVE-2023-21822</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21823">CVE-2023-21823</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23374">CVE-2023-23374</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23376">CVE-2023-23376</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23377">CVE-2023-23377</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23378">CVE-2023-23378</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23379">CVE-2023-23379</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23381">CVE-2023-23381</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23382">CVE-2023-23382</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23390">CVE-2023-23390</a></li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5022083">5022083</a></td> <td>Change in how WPF-based applications render XPS documents</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022834">5022834</a></td> <td>Windows 10, version 20H2, Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022840">5022840</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022845">5022845</a></td> <td>Windows 11 version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022872">5022872</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022874">5022874</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022890">5022890</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022893">5022893</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022894">5022894</a></td> <td>Windows Server 2012 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022895">5022895</a></td> <td>Windows Server 2012 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022899">5022899</a></td> <td>Windows Server 2012 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5022903">5022903</a></td> <td>Windows Server 2012 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Edge (Chromium-based) Microsoft Edge for Android Azure DevOps Server 2020.1.2 Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.0 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) SQL Server Integration Services for Visual Studio 2019 SQL Server Integration Services for Visual Studio 2022 Microsoft Visual Studio 2015 Update 3 Microsoft Visual Studio 2013 Update 5 .NET 7.0 .NET 6.0 PowerShell 7.2 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 20H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 20H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 20H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 20H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Azure App Service on Azure Stack Hub Azure Machine Learning Azure Data Box Gateway Azure Stack Edge Azure DevOps Server 2022 Microsoft Dynamics 365 Unified Service Desk Microsoft Dynamics 365 (on-premises) version 9.1 Microsoft Dynamics 365 (on-premises) version 9.0 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE) Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE) Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE) Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016 Cumulative Update 23 Power BI Report Server - January 2023 Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft SQL Server 2019 for x64-based Systems (CU 18) Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft Defender Security Intelligence Updates Microsoft Defender for IoT Print 3D 3D Builder Microsoft Office for Android Microsoft Office for Universal Microsoft Office for iOS Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC for Mac 2021 Microsoft SharePoint Server Subscription Edition SharePoint Server Subscription Edition Language Pack Microsoft Office Online Server Microsoft Office 2019 for Mac Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft Word 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft OneNote for Android HoloLens 1 CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM Azure Linux 3.0 x64 Azure Linux 3.0 ARM Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft SharePoint Foundation 2013 Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE) Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Office Online Server Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 20H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 20H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Microsoft Edge for Android Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft SharePoint Server Subscription Edition Microsoft Defender for IoT Microsoft Visual Studio 2022 version 17.0 PowerShell 7.2 SharePoint Server Subscription Edition Language Pack .NET 6.0 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft Visual Studio 2022 version 17.2 Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 20H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 20H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Azure Stack Edge Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 and 4.6.2 on Windows 10 for x64-based Systems Microsoft Visual Studio 2022 version 17.4 .NET 7.0 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM 3D Builder Azure DevOps Server 2020.1.2 Azure Data Box Gateway Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2019 for x64-based Systems (CU 18) Microsoft SQL Server 2022 for x64-based Systems (GDR) Azure DevOps Server 2022 Print 3D Azure Machine Learning Microsoft OneNote for Android Azure App Service on Azure Stack Hub Microsoft Office for Android Microsoft Office for Universal Microsoft Dynamics 365 Unified Service Desk HoloLens 1 Power BI Report Server - January 2023 Microsoft Defender Security Intelligence Updates Microsoft Office for iOS SQL Server Integration Services for Visual Studio 2019 SQL Server Integration Services for Visual Studio 2022 Azure Linux 3.0 x64 Azure Linux 3.0 ARM less-590-2.cm2.x86_64.rpm on CBL Mariner 2.0 x64 less-debuginfo-590-2.cm2.x86_64.rpm on CBL Mariner 2.0 x64 less-590-2.cm2.aarch64.rpm on CBL Mariner 2.0 ARM less-debuginfo-590-2.cm2.aarch64.rpm on CBL Mariner 2.0 ARM cbl2 reaper 3.1.1-6 on CBL Mariner 2.0 azl3 shim-unsigned-x64 15.8-5 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0 cm1 gcc 9.1.0-7 on CBL Mariner 1.0 cm1 glibc 2.28-24 on CBL Mariner 1.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 glibc 2.35-7 on CBL Mariner 2.0 cbl2 golang 1.21.6-1 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 azl3 golang 1.23.7-1 on Azure Linux 3.0 azl3 application-gateway-kubernetes-ingress 1.7.2-3 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 cm1 kernel 5.10.188.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.122.1-2 on CBL Mariner 2.0 cm1 openssh 8.9p1-3 on CBL Mariner 1.0 cbl2 hyperv-daemons 5.15.118.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.116.1-2 on CBL Mariner 2.0 cm1 mozjs60 60.9.0-13 on CBL Mariner 1.0 azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0 cm1 qt5-qtbase 5.12.11-7 on CBL Mariner 1.0 cbl2 cmake 3.21.4-6 on CBL Mariner 2.0 azl3 tensorflow 2.16.1-1 on Azure Linux 3.0 azl3 cmake 3.21.4-10 on Azure Linux 3.0 cbl2 kernel 5.15.111.1-1 on CBL Mariner 2.0 cm1 kernel 5.10.177.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.107.1-2 on CBL Mariner 2.0 cm1 kernel 5.10.174.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.135.1-2 on CBL Mariner 2.0 cm1 cloud-hypervisor 22.0-2 on CBL Mariner 1.0 cbl2 cloud-hypervisor 30.0-2 on CBL Mariner 2.0 cm1 sudo 1.9.13p3-1 on CBL Mariner 1.0 cbl2 kernel 5.15.102.1-1 on CBL Mariner 2.0 cm1 kernel 5.10.172.1-1 on CBL Mariner 1.0 cm1 kernel 5.10.189.1-1 on CBL Mariner 1.0 cbl2 sudo 1.9.13p3-1 on CBL Mariner 2.0 cm1 nodejs 14.21.3-1 on CBL Mariner 1.0 cbl2 nodejs 16.19.1-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.102.1-1 on CBL Mariner 2.0 cm1 rust 1.59.0-1 on CBL Mariner 1.0 cm1 openssl 1.1.1k-13 on CBL Mariner 1.0 cbl2 rust 1.68.2-5 on CBL Mariner 2.0 cbl2 openssl 1.1.1k-21 on CBL Mariner 2.0 azl3 hvloader 1.0.1-4 on Azure Linux 3.0 cm1 python2 2.7.18-12 on CBL Mariner 1.0 cm1 python3 3.7.13-6 on CBL Mariner 1.0 cbl2 python3 3.9.14-8 on CBL Mariner 2.0 cm1 mysql 8.0.32-1 on CBL Mariner 1.0 cm1 curl 7.88.1-1 on CBL Mariner 1.0 cm1 cmake 3.21.4-3 on CBL Mariner 1.0 cbl2 rust 1.72.0-2 on CBL Mariner 2.0 cbl2 mysql 8.0.33-1 on CBL Mariner 2.0 cbl2 curl 7.88.1-1 on CBL Mariner 2.0 cbl2 cmake 3.21.4-13 on CBL Mariner 2.0 azl3 cmake 3.28.2-1 on Azure Linux 3.0 cbl2 mysql 8.0.32-1 on CBL Mariner 2.0 cbl2 cmake 3.21.4-5 on CBL Mariner 2.0 cm1 moby-containerd 1.6.6+azure-9 on CBL Mariner 1.0 cbl2 moby-containerd 1.6.18-2 on CBL Mariner 2.0 cbl2 moby-engine 20.10.14-7 on CBL Mariner 2.0 cbl2 k3s 1.25.5-7 on CBL Mariner 2.0 azl3 moby-engine 20.10.25-3 on Azure Linux 3.0 cbl2 k3s 1.24.12-2 on CBL Mariner 2.0 cm1 haproxy 2.1.5-2 on CBL Mariner 1.0 cbl2 haproxy 2.4.22-1 on CBL Mariner 2.0 cm1 gnutls 3.6.14-9 on CBL Mariner 1.0 cbl2 gnutls 3.7.7-2 on CBL Mariner 2.0 cm1 ruby 2.6.10-1 on CBL Mariner 1.0 cbl2 ruby 3.1.4-1 on CBL Mariner 2.0 cm1 helm 3.4.1-16 on CBL Mariner 1.0 cbl2 helm 3.10.3-3 on CBL Mariner 2.0 cbl2 cert-manager 1.7.3-8 on CBL Mariner 2.0 cm1 libtiff 4.4.0-9 on CBL Mariner 1.0 cbl2 libtiff 4.4.0-8 on CBL Mariner 2.0 cm1 libtiff 4.5.0-1 on CBL Mariner 1.0 cm1 shim-unsigned-x64 15.4-2 on CBL Mariner 1.0 cm1 shim-unsigned-aarch64 15-5 on CBL Mariner 1.0 cbl2 shim-unsigned-x64 15.8-1 on CBL Mariner 2.0 cbl2 shim-unsigned-aarch64 15-5 on CBL Mariner 2.0 cm1 python-cryptography 3.3.2-2 on CBL Mariner 1.0 cbl2 python-cryptography 3.3.2-4 on CBL Mariner 2.0 azl3 python-cryptography 3.3.2-5 on Azure Linux 3.0 cm1 harfbuzz 3.4.0-1 on CBL Mariner 1.0 cbl2 harfbuzz 3.4.0-3 on CBL Mariner 2.0 azl3 hyperv-daemons 6.6.14.1-1 on Azure Linux 3.0 cbl2 openssh 8.9p1-8 on CBL Mariner 2.0 azl3 edk2 20240223gitedc6681206c1-1 on Azure Linux 3.0 azl3 golang 1.22.7-2 on Azure Linux 3.0 azl3 kubevirt 1.2.0-1 on Azure Linux 3.0 cbl2 packer 1.8.7-1 on CBL Mariner 2.0 cbl2 libXpm 3.5.17-1 on CBL Mariner 2.0 azl3 tensorflow 2.11.1-1 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 nghttp2 1.46.0-3 on CBL Mariner 2.0 cbl2 emacs 28.2-4 on CBL Mariner 2.0 cbl2 libmicrohttpd 0.9.76-1 on CBL Mariner 2.0 cbl2 php 8.1.16-1 on CBL Mariner 2.0 cbl2 clamav 0.105.2-1 on CBL Mariner 2.0 cbl2 junit 4.13-5 on CBL Mariner 2.0 cbl2 terraform 1.3.2-22 on CBL Mariner 2.0 cbl2 python-werkzeug 2.2.3-1 on CBL Mariner 2.0 cbl2 python-werkzeug 2.0.3-2 on CBL Mariner 2.0 azl3 gssntlmssp 1.3.1-1 on Azure Linux 3.0 azl3 glusterfs 11.1-3 on Azure Linux 3.0 cm1 golang 1.17.13-2 on CBL Mariner 1.0 cbl2 msft-golang 1.19.8-1 on CBL Mariner 2.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 msft-golang 1.19.6-1 on CBL Mariner 2.0 cbl2 golang 1.19.5-1 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 azl3 golang 1.19.5-1 on Azure Linux 3.0 cbl2 golang 1.19.6-1 on CBL Mariner 2.0 azl3 golang 1.19.6-1 on Azure Linux 3.0 cm1 curl 7.86.0-3 on CBL Mariner 1.0 cbl2 curl 7.86.0-3 on CBL Mariner 2.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 azl3 hvloader 1.0.1-2 on Azure Linux 3.0 azl3 rust hyper-0.14.25 on Azure Linux 3.0 azl3 rpm-ostree 2022.1-7 on Azure Linux 3.0 azl3 application-gateway-kubernetes-ingress 1.7.2-2 on Azure Linux 3.0 azl3 LibRaw 0.21.3-1 on Azure Linux 3.0 azl3 tidy 5.8.0-6 on Azure Linux 3.0 azl3 hdf5 1.12.1-13 on Azure Linux 3.0 azl3 php 8.3.19-1 on Azure Linux 3.0 cbl2 pesign on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 golang 1.23.8-1 on Azure Linux 3.0 cbl2 golang 1.17.13-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 azl3 hyperv-daemons 6.6.92.2-1 on Azure Linux 3.0 azl3 kubevirt 0.59.0-14 on Azure Linux 3.0 cbl2 hvloader 1.0.1-2 on CBL Mariner 2.0 azl3 golang 1.22.7-1 on Azure Linux 3.0 cbl2 qemu 6.2.0-25 on CBL Mariner 2.0 cbl2 qemu 6.2.0-26 on CBL Mariner 2.0 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Use-after-free following BIO_new_NDEF <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-0215 Use After Free 17013-17084 17012-17084 19671-17084 17978-16820 17979-16820 17941-16820 17942-16820 17918-16820 17945-16823 17980-16823 17981-16823 17944-16823 17919-16823 17946-17084 17859-17084 20011-17086 18666-17084 19662-17086 19686-17084 17093-17086 17013-17084 17012-17084 19671-17084 17978-16820 17979-16820 17941-16820 17942-16820 17918-16820 17945-16823 17980-16823 17981-16823 17944-16823 17919-16823 17946-17084 17859-17084 20011-17086 18666-17084 19662-17086 19686-17084 17093-17086 Important 17013-17084 Important 17012-17084 Important 19671-17084 Important 17978-16820 Important 17979-16820 Important 17941-16820 Important 17942-16820 Important 17918-16820 Important 17945-16823 Important 17980-16823 Important 17981-16823 Important 17944-16823 Important 17919-16823 Important 17946-17084 Important 17859-17084 Important 20011-17086 Important 18666-17084 19662-17086 Important 19686-17084 Important 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17013-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17012-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17978-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17979-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17941-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17942-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17918-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17945-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17980-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17981-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17944-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17919-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17946-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17859-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20011-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18666-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19662-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17093-17086 CBL-Mariner Releases 17978-16820 No Security Update 15.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17978-16820 CBL-Mariner Releases CBL-Mariner Releases 17979-16820 17981-16823 No Security Update 15-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17979-16820 17981-16823 CBL-Mariner Releases CBL-Mariner Releases 17941-16820 No Security Update 1.59.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17941-16820 CBL-Mariner Releases CBL-Mariner Releases 17942-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17942-16820 CBL-Mariner Releases CBL-Mariner Releases 17918-16820 No Security Update 22.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17918-16820 CBL-Mariner Releases CBL-Mariner Releases 17945-16823 No Security Update 1.1.1k-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17945-16823 CBL-Mariner Releases CBL-Mariner Releases 17980-16823 No Security Update 15.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17980-16823 CBL-Mariner Releases CBL-Mariner Releases 17944-16823 No Security Update 1.68.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17944-16823 CBL-Mariner Releases CBL-Mariner Releases 17919-16823 No Security Update 30.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17919-16823 CBL-Mariner Releases CBL-Mariner Releases 17946-17084 18666-17084 No Security Update 1.0.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17946-17084 18666-17084 CBL-Mariner Releases CBL-Mariner Releases 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 20011-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20011-17086 CBL-Mariner Releases 1.0 2023-02-13T00:00:00 <p>Information published.</p> 1.1 2023-02-14T00:00:00 <p>Added openssl to CBL-Mariner 2.0 Added openssl to CBL-Mariner 1.0</p> 1.2 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> 1.4 2024-08-15T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:41:42 <p>Information published.</p> Use-after-free vulnerability in the Linux Kernel <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-0461 Use After Free 17911-16820 17930-16823 17911-16820 17930-16823 Important 17911-16820 Important 17930-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17911-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17930-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17930-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> Go-Getter Vulnerable to Decompression Bombs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner HashiCorp Yes CVE-2023-0475 Improper Handling of Highly Compressed Data (Data Amplification) 18404-16823 18245-16823 17965-16823 18404-16823 18245-16823 17965-16823 Moderate 18404-16823 Moderate 18245-16823 Moderate 17965-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18404-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18245-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17965-16823 CBL-Mariner Releases 18404-16823 No Security Update 1.3.2-22 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18404-16823 CBL-Mariner Releases CBL-Mariner Releases 18245-16823 No Security Update 1.8.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18245-16823 CBL-Mariner Releases CBL-Mariner Releases 17965-16823 No Security Update 1.24.12-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17965-16823 CBL-Mariner Releases 1.1 2025-01-25T00:00:00 <p>Added terraform to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0</p> 1.0 2023-02-20T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0795 Out-of-bounds Read 17975-16820 17976-16823 17975-16820 17976-16823 Moderate 17975-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17975-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17975-16820 No Security Update 4.4.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17975-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0798 Out-of-bounds Read 17977-16820 17976-16823 17977-16820 17976-16823 Moderate 17977-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17977-16820 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 33aee127. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0802 Out-of-bounds Write 17977-16820 17976-16823 17977-16820 17976-16823 Moderate 17977-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17977-16820 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> On Feb 15 2023 the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier 0.105.1 and earlier and 0.103.7 and earlier could allow an unauthenticated remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process or else crash the process resulting in a denial of service (DoS) condition. For a description of this vulnerability see the ClamAV blog ["https://blog.clamav.net/"]. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner cisco Yes CVE-2023-20032 Out-of-bounds Write 18402-16823 18402-16823 Critical 18402-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18402-16823 CBL-Mariner Releases 18402-16823 No Security Update 0.105.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18402-16823 CBL-Mariner Releases 1.0 2023-03-01T00:00:00 <p>Information published.</p> On Feb 15 2023 the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier 0.105.1 and earlier and 0.103.7 and earlier could allow an unauthenticated remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner cisco Yes CVE-2023-20052 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') 18402-16823 18402-16823 Moderate 18402-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 18402-16823 CBL-Mariner Releases 18402-16823 No Security Update 0.105.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18402-16823 CBL-Mariner Releases 1.0 2023-03-01T00:00:00 <p>Information published.</p> In the Linux kernel before 5.17 an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-22995 17841-16823 17841-16823 Important 17841-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17841-16823 CBL-Mariner Releases 17841-16823 No Security Update 5.15.116.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17841-16823 CBL-Mariner Releases 1.0 2023-03-09T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> In the Linux kernel before 5.16.3 drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case whereas it is actually an error pointer). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-22999 NULL Pointer Dereference 17935-16820 17930-16823 17935-16820 17930-16823 Moderate 17935-16820 Moderate 17930-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17935-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17930-16823 CBL-Mariner Releases 17935-16820 No Security Update 5.10.172.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17935-16820 CBL-Mariner Releases CBL-Mariner Releases 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17930-16823 CBL-Mariner Releases 1.0 2023-03-07T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open() aka a race condition between vcc_open() and vcc_remove(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-23039 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17936-16820 17917-16823 17936-16820 17917-16823 Moderate 17936-16820 Moderate 17917-16823 5.7 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 17936-16820 5.7 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 17917-16823 CBL-Mariner Releases 17936-16820 No Security Update 5.10.189.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17936-16820 CBL-Mariner Releases CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-03-07T00:00:00 <p>Information published.</p> A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-23915 Cleartext Transmission of Sensitive Information 18295-17084 19686-17084 19671-17084 17941-16820 17950-16820 17951-16820 17952-16820 17953-16823 17954-16823 17955-16823 17959-16823 17878-17084 17957-17084 17879-17084 19668-17086 18295-17084 19686-17084 19671-17084 17941-16820 17950-16820 17951-16820 17952-16820 17953-16823 17954-16823 17955-16823 17959-16823 17878-17084 17957-17084 17879-17084 19668-17086 Moderate 18295-17084 Moderate 19686-17084 Moderate 19671-17084 Moderate 17941-16820 Moderate 17950-16820 Moderate 17951-16820 Moderate 17952-16820 Moderate 17953-16823 Moderate 17954-16823 Moderate 17955-16823 Moderate 17959-16823 Moderate 17878-17084 Moderate 17957-17084 Moderate 17879-17084 Moderate 19668-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18295-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19686-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19671-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17941-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17950-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17951-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17952-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17953-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17954-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17955-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17959-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17878-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17957-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17879-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19668-17086 CBL-Mariner Releases 18295-17084 17878-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18295-17084 17878-17084 CBL-Mariner Releases CBL-Mariner Releases 17941-16820 No Security Update 1.59.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17941-16820 CBL-Mariner Releases CBL-Mariner Releases 17950-16820 No Security Update 8.0.32-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17950-16820 CBL-Mariner Releases CBL-Mariner Releases 17951-16820 17955-16823 No Security Update 7.88.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17951-16820 17955-16823 CBL-Mariner Releases CBL-Mariner Releases 17952-16820 No Security Update 3.21.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17952-16820 CBL-Mariner Releases CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases CBL-Mariner Releases 17954-16823 No Security Update 8.0.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17954-16823 CBL-Mariner Releases CBL-Mariner Releases 17959-16823 No Security Update 3.21.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17959-16823 CBL-Mariner Releases CBL-Mariner Releases 17957-17084 17879-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17957-17084 17879-17084 CBL-Mariner Releases 1.0 2023-02-24T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T15:12:46 <p>Information published.</p> A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-23914 Cleartext Transmission of Sensitive Information 19668-17086 19686-17084 19671-17084 17941-16820 17950-16820 17951-16820 17952-16820 17944-16823 17958-16823 17955-16823 17877-16823 17878-17084 17879-17084 18295-17084 19668-17086 19686-17084 19671-17084 17941-16820 17950-16820 17951-16820 17952-16820 17944-16823 17958-16823 17955-16823 17877-16823 17878-17084 17879-17084 18295-17084 Critical 19668-17086 Critical 19686-17084 Critical 19671-17084 Critical 17941-16820 Critical 17950-16820 Critical 17951-16820 Critical 17952-16820 Critical 17944-16823 Critical 17958-16823 Critical 17955-16823 Critical 17877-16823 Critical 17878-17084 Critical 17879-17084 Critical 18295-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 19668-17086 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 19686-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 19671-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17941-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17950-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17951-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17952-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17944-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17958-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17955-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17877-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17878-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17879-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 18295-17084 CBL-Mariner Releases 17941-16820 No Security Update 1.59.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17941-16820 CBL-Mariner Releases CBL-Mariner Releases 17950-16820 17958-16823 No Security Update 8.0.32-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17950-16820 17958-16823 CBL-Mariner Releases CBL-Mariner Releases 17951-16820 17955-16823 No Security Update 7.88.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17951-16820 17955-16823 CBL-Mariner Releases CBL-Mariner Releases 17952-16820 No Security Update 3.21.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17952-16820 CBL-Mariner Releases CBL-Mariner Releases 17944-16823 No Security Update 1.68.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17944-16823 CBL-Mariner Releases CBL-Mariner Releases 17877-16823 No Security Update 3.21.4-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17877-16823 CBL-Mariner Releases CBL-Mariner Releases 17878-17084 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17878-17084 18295-17084 CBL-Mariner Releases CBL-Mariner Releases 17879-17084 No Security Update 3.21.4-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17879-17084 CBL-Mariner Releases 1.2 2026-02-18T01:20:26 <p>Information published.</p> 1.0 2023-02-24T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> A privilege escalation vulnerability exists in Node.js <19.6.1 <18.14.1 <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-23918 Incorrect Authorization 17938-16820 17939-16823 17938-16820 17939-16823 Important 17938-16820 Important 17939-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17938-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17939-16823 CBL-Mariner Releases 17938-16820 No Security Update 14.21.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17938-16820 CBL-Mariner Releases CBL-Mariner Releases 17939-16823 No Security Update 16.19.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17939-16823 CBL-Mariner Releases 1.0 2023-03-04T00:00:00 <p>Information published.</p> An untrusted search path vulnerability exists in Node.js. <19.6.1 <18.14.1 <16.19.1 and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-23920 Untrusted Search Path 17938-16820 17939-16823 17938-16820 17939-16823 Moderate 17938-16820 Moderate 17939-16823 4.2 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N 17938-16820 4.2 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N 17939-16823 CBL-Mariner Releases 17938-16820 No Security Update 14.21.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17938-16820 CBL-Mariner Releases CBL-Mariner Releases 17939-16823 No Security Update 16.19.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17939-16823 CBL-Mariner Releases 1.0 2023-02-28T00:00:00 <p>Information published.</p> 1.1 2023-03-04T00:00:00 <p>Added nodejs to CBL-Mariner 1.0</p> 1.2 2023-03-25T00:00:00 <p>Information published.</p> Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-23934 Improper Input Validation 19693-17084 19712-17086 18405-16823 19693-17084 19712-17086 18405-16823 Low 19693-17084 Low 19712-17086 Low 18405-16823 2.6 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N 19693-17084 2.6 2.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N 19712-17086 3.5 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 18405-16823 CBL-Mariner Releases 18405-16823 No Security Update 2.2.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18405-16823 CBL-Mariner Releases 1.2 2026-02-18T14:03:17 <p>Information published.</p> 1.0 2023-02-20T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-24329 Improper Input Validation 17947-16820 17948-16820 17949-16823 17947-16820 17948-16820 17949-16823 Important 17947-16820 Important 17948-16820 Important 17949-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17947-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17948-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 17949-16823 CBL-Mariner Releases 17947-16820 No Security Update 2.7.18-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17947-16820 CBL-Mariner Releases CBL-Mariner Releases 17948-16820 No Security Update 3.7.13-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17948-16820 CBL-Mariner Releases CBL-Mariner Releases 17949-16823 No Security Update 3.9.14-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17949-16823 CBL-Mariner Releases 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2023-02-28T00:00:00 <p>Added python2 to CBL-Mariner 1.0</p> 1.2 2023-10-11T00:00:00 <p>Added python3 to CBL-Mariner 2.0</p> Undici vulnerable to Regular Expression Denial of Service in Headers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-24807 Inefficient Regular Expression Complexity 17939-16823 17939-16823 Important 17939-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17939-16823 CBL-Mariner Releases 17939-16823 No Security Update 16.19.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17939-16823 CBL-Mariner Releases 1.0 2023-02-20T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> containerd supplementary groups are not set up properly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25173 Incorrect Authorization 17960-16820 17961-16823 17965-16823 17960-16820 17961-16823 17965-16823 Important 17960-16820 Important 17961-16823 Important 17965-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17960-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17961-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17965-16823 CBL-Mariner Releases 17960-16820 No Security Update 1.6.6+azure-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17960-16820 CBL-Mariner Releases CBL-Mariner Releases 17961-16823 No Security Update 1.6.18-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17961-16823 CBL-Mariner Releases CBL-Mariner Releases 17965-16823 No Security Update 1.24.12-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17965-16823 CBL-Mariner Releases 1.0 2023-02-20T00:00:00 <p>Information published.</p> 1.1 2023-02-25T00:00:00 <p>Added moby-containerd to CBL-Mariner 2.0</p> 1.2 2023-03-20T00:00:00 <p>Information published.</p> HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3 the impact is limited because the headers disappear before being parsed and processed as if they had not been sent by the client. The fixed versions are 2.7.3 2.6.9 2.5.12 2.4.22 2.2.29 and 2.0.31. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-25725 17966-16820 17967-16823 17966-16820 17967-16823 Critical 17966-16820 Critical 17967-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 17966-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 17967-16823 CBL-Mariner Releases 17966-16820 No Security Update 2.1.5-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17966-16820 CBL-Mariner Releases CBL-Mariner Releases 17967-16823 No Security Update 2.4.22-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17967-16823 CBL-Mariner Releases 1.0 2023-02-20T00:00:00 <p>Information published.</p> 1.1 2023-06-28T00:00:00 <p>Information published.</p> afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26242 Integer Overflow or Wraparound 17936-16820 17917-16823 17936-16820 17917-16823 Important 17936-16820 Important 17917-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17936-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17917-16823 CBL-Mariner Releases 17936-16820 No Security Update 5.10.189.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17936-16820 CBL-Mariner Releases CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-03-03T00:00:00 <p>Information published.</p> GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-27371 Out-of-bounds Read 18400-16823 18400-16823 Moderate 18400-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18400-16823 CBL-Mariner Releases 18400-16823 No Security Update 0.9.76-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18400-16823 CBL-Mariner Releases 1.0 2023-03-10T00:00:00 <p>Information published.</p> OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-25136 Double Free 17825-16820 17996-16823 17825-16820 17996-16823 Moderate 17825-16820 Moderate 17996-16823 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 17825-16820 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 17996-16823 CBL-Mariner Releases 17825-16820 No Security Update 8.9p1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17825-16820 CBL-Mariner Releases CBL-Mariner Releases 17996-16823 No Security Update 8.9p1-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17996-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:30 <p>Information published.</p> Panic on large handshake records in crypto/tls <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-41724 Uncontrolled Resource Consumption 19785-17086 19778-17086 19668-17086 17667-17084 17485-17084 19697-17084 18442-16820 17017-16820 17375-16823 18445-16823 18449-16823 18447-16823 18450-17084 18315-17084 19679-17084 19712-17086 19693-17084 19785-17086 19778-17086 19668-17086 17667-17084 17485-17084 19697-17084 18442-16820 17017-16820 17375-16823 18445-16823 18449-16823 18447-16823 18450-17084 18315-17084 19679-17084 19712-17086 19693-17084 Important 19785-17086 Important 19778-17086 Important 19668-17086 Important 17667-17084 Important 17485-17084 Important 19697-17084 Important 18442-16820 Important 17017-16820 Important 17375-16823 Important 18445-16823 Important 18449-16823 Important 18447-16823 Important 18450-17084 Important 18315-17084 Important 19679-17084 Important 19712-17086 Important 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17485-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18442-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17017-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17375-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18445-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18449-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18447-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18450-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 CBL-Mariner Releases 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 19778-17086 CBL-Mariner Releases CBL-Mariner Releases 18442-16820 No Security Update 1.17.13-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18442-16820 CBL-Mariner Releases CBL-Mariner Releases 17017-16820 No Security Update 9.1.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17017-16820 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18445-16823 18449-16823 18450-17084 No Security Update 1.19.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18445-16823 18449-16823 18450-17084 CBL-Mariner Releases CBL-Mariner Releases 18447-16823 No Security Update 11.2.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18447-16823 CBL-Mariner Releases 1.0 2025-09-04T01:14:18 <p>Information published.</p> 1.1 2026-02-18T02:49:54 <p>Information published.</p> Path traversal on Windows in path/filepath <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-41722 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 19778-17086 19785-17086 19668-17086 18442-16820 17375-16823 18443-16823 18444-16823 18139-17084 17667-17084 20239-17084 19778-17086 19785-17086 19668-17086 18442-16820 17375-16823 18443-16823 18444-16823 18139-17084 17667-17084 20239-17084 Important 19778-17086 Important 19785-17086 Important 19668-17086 Important 18442-16820 Important 17375-16823 Important 18443-16823 Important 18444-16823 Important 18139-17084 Important 17667-17084 Important 20239-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18442-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17375-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18443-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18444-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18139-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 20239-17084 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 18442-16820 No Security Update 1.17.13-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18442-16820 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18443-16823 No Security Update 1.19.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18443-16823 CBL-Mariner Releases CBL-Mariner Releases 18444-16823 No Security Update 1.22.7-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18444-16823 CBL-Mariner Releases CBL-Mariner Releases 18139-17084 20239-17084 No Security Update 1.22.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18139-17084 20239-17084 CBL-Mariner Releases 1.2 2024-10-05T00:00:00 <p>Information published.</p> 1.3 2026-02-18T02:34:40 <p>Information published.</p> 1.0 2023-03-01T00:00:00 <p>Information published.</p> 1.1 2024-08-09T00:00:00 <p>Information published.</p> Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-41723 18189-17084 18837-17084 17515-17084 19785-17086 19778-17086 19959-17084 18189-17084 18837-17084 17515-17084 19785-17086 19778-17086 19959-17084 Important 18189-17084 Important 18837-17084 Important 17515-17084 Important 19785-17086 Important 19778-17086 Important 19959-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18189-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18837-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17515-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19959-17084 CBL-Mariner Releases 18189-17084 19959-17084 No Security Update 1.2.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18189-17084 19959-17084 CBL-Mariner Releases CBL-Mariner Releases 18837-17084 No Security Update 1.7.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18837-17084 CBL-Mariner Releases CBL-Mariner Releases 17515-17084 No Security Update 1.7.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17515-17084 CBL-Mariner Releases CBL-Mariner Releases 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 19778-17086 CBL-Mariner Releases 1.4 2025-02-11T00:00:00 <p>Added application-gateway-kubernetes-ingress to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added golang to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added skopeo to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0</p> 1.5 2026-02-18T14:57:45 <p>Information published.</p> 1.0 2023-04-05T00:00:00 <p>Information published.</p> 1.1 2023-05-17T00:00:00 <p>Added kubevirt to CBL-Mariner 2.0</p> 1.2 2023-03-10T00:00:00 <p>Information published.</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> Timing Oracle in RSA Decryption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2022-4304 Observable Discrepancy 18666-17084 19686-17084 20602-17086 17941-16820 17942-16820 17918-16820 17944-16823 17945-16823 17919-16823 17946-17084 18131-17084 17859-17084 20011-17086 19662-17086 19671-17084 17093-17086 20691-17086 18666-17084 19686-17084 20602-17086 17941-16820 17942-16820 17918-16820 17944-16823 17945-16823 17919-16823 17946-17084 18131-17084 17859-17084 20011-17086 19662-17086 19671-17084 17093-17086 20691-17086 Moderate 18666-17084 Moderate 19686-17084 Moderate 20602-17086 Moderate 17941-16820 Moderate 17942-16820 Moderate 17918-16820 Moderate 17944-16823 Moderate 17945-16823 Moderate 17919-16823 Moderate 17946-17084 Moderate 18131-17084 Moderate 17859-17084 Moderate 20011-17086 19662-17086 Moderate 19671-17084 Moderate 17093-17086 Moderate 20691-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18666-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19686-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 20602-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17941-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17942-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17918-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17944-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17945-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17919-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17946-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18131-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17859-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 20011-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19662-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19671-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17093-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 20691-17086 CBL-Mariner Releases 18666-17084 17946-17084 No Security Update 1.0.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18666-17084 17946-17084 CBL-Mariner Releases CBL-Mariner Releases 17941-16820 No Security Update 1.59.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17941-16820 CBL-Mariner Releases CBL-Mariner Releases 17942-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17942-16820 CBL-Mariner Releases CBL-Mariner Releases 17918-16820 No Security Update 22.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17918-16820 CBL-Mariner Releases CBL-Mariner Releases 17944-16823 No Security Update 1.68.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17944-16823 CBL-Mariner Releases CBL-Mariner Releases 17945-16823 No Security Update 1.1.1k-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17945-16823 CBL-Mariner Releases CBL-Mariner Releases 17919-16823 No Security Update 30.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17919-16823 CBL-Mariner Releases CBL-Mariner Releases 18131-17084 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18131-17084 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 20011-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20011-17086 CBL-Mariner Releases 3.0 2025-12-06T14:35:53 <p>Information published.</p> 1.0 2023-02-13T00:00:00 <p>Information published.</p> 1.1 2023-02-14T00:00:00 <p>Added openssl to CBL-Mariner 1.0</p> 1.2 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> 1.4 2024-08-15T00:00:00 <p>Information published.</p> 2.0 2025-08-06T00:00:00 <p>Added edk2 to CBL-Mariner 2.0 Added hvloader to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added cloud-hypervisor to CBL-Mariner 2.0 Added openssl to CBL-Mariner 2.0 Added hvloader to Azure Linux 3.0 Added edk2 to Azure Linux 3.0 Added openssl to CBL-Mariner 1.0</p> 3.1 2026-02-18T01:52:39 <p>Information published.</p> 4.0 2026-03-03T01:35:31 <p>Information published.</p> A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET curl would use a heap-allocated struct after it had been freed in its transfer shutdown code path. <p><strong>What is the curl open-source project?</strong></p> <p>Curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for &quot;Client for URL&quot;. The Windows implementation provides access to the command-line tool, not the library.</p> <p><strong>What version of curl addresses this CVE?</strong></p> <p>Curl version 7.87.0 addresses this vulnerability.</p> <p><strong>Where can I find more information about this curl vulnerability?</strong></p> <p>More information can be found at <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-43552">NVD</a> and <a href="https://curl.se/docs/CVE-2022-43552.html">curl.se</a></p> <p><strong>Are there any workarounds that can be implemented?</strong></p> <p>Preventing the execution of curl.exe is a workaround to be considered</p> <p>Use a WDAC policy to deny execution of the \system32\curl.exe executable. You can merge the deny into an existing policy or create a new policy with it using the Merge-CIPolicy cmdlet; <a href="https://learn.microsoft.com/en-us/powershell/module/configci/merge-cipolicy?view=windowsserver2022-ps">Merge-CIPolicy (ConfigCI) | Microsoft Learn</a>. Once the policy XML file with the deny has been created or merged with an existing policy it must be deployed.</p> <p>Choose how to deploy the policy; <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide#choose-how-to-deploy-wdac-policies">Deploying Windows Defender Application Control (WDAC) policies | Microsoft Learn</a></p> <ul> <li>Deploy using a <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune">Mobile Device Management (MDM) </a>solution, such as Microsoft Intune</li> <li>Deploy using <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm">Microsoft Configuration Manager</a></li> <li>Deploy via <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script">script</a></li> <li>Deploy via <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy">group policy</a></li> </ul> <p>For example:</p> <p><strong>Create a new policy: (These steps will create a new policy named Deny-Curl.xml by merging the deny using the example policy named AllowAll.xml)</strong></p> <pre><code>$rule = new-cipolicyrule -DriverFilePath &quot;$env:systemroot\system32\curl.exe&quot; -Level FilePublisher -Deny $rule[0].attributes[&quot;MinimumFileVersion&quot;] = &quot;0.0.0.0&quot; $rule[0].attributes[&quot;MaximumFileVersion&quot;] = &quot;7.87.0.0&quot; merge-cipolicy &quot;$env:systemroot\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml&quot; -Rules $rule -OutputFilePath &quot;Deny-Curl.xml&quot; </code></pre> <p><strong>Merge into an existing policy</strong></p> <pre><code>$rule = new-cipolicyrule -DriverFilePath &quot;$env:systemroot\system32\curl.exe&quot; -Level FilePublisher -Deny $rule[0].attributes[&quot;MinimumFileVersion&quot;] = &quot;0.0.0.0&quot; $rule[0].attributes[&quot;MaximumFileVersion&quot;] = &quot;7.87.0.0&quot; merge-cipolicy &quot;existing_policy.xml&quot; -Rules $rule -OutputFilePath &quot;existing_policy.xml&quot; </code></pre> <p><strong>How to undo this workaround?</strong></p> <p>Guidance for how to remove WDAC policies can be found in the following documentation: <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies">Remove Windows Defender Application Control (WDAC) policies</a></p> <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2022-43552 Use After Free 17879-17084 17941-16820 17950-16820 18451-16820 17952-16820 17953-16823 17954-16823 18452-16823 17956-16823 17878-17084 17957-17084 19668-17086 18295-17084 19671-17084 19686-17084 17879-17084 17941-16820 17950-16820 18451-16820 17952-16820 17953-16823 17954-16823 18452-16823 17956-16823 17878-17084 17957-17084 19668-17086 18295-17084 19671-17084 19686-17084 Moderate 17879-17084 Moderate 17941-16820 Moderate 17950-16820 Moderate 18451-16820 Moderate 17952-16820 Moderate 17953-16823 Moderate 17954-16823 Moderate 18452-16823 Moderate 17956-16823 Moderate 17878-17084 Moderate 17957-17084 Moderate 19668-17086 Moderate 18295-17084 Moderate 19671-17084 Moderate 19686-17084 Publicly Disclosed:Yes;Exploited:No 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17879-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17941-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17950-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18451-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17952-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17953-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17954-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18452-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17956-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17878-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17957-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18295-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 CBL-Mariner Releases 17879-17084 17957-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17879-17084 17957-17084 CBL-Mariner Releases CBL-Mariner Releases 17941-16820 No Security Update 1.59.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17941-16820 CBL-Mariner Releases CBL-Mariner Releases 17950-16820 No Security Update 8.0.32-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17950-16820 CBL-Mariner Releases CBL-Mariner Releases 18451-16820 18452-16823 No Security Update 7.86.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18451-16820 18452-16823 CBL-Mariner Releases CBL-Mariner Releases 17952-16820 No Security Update 3.21.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17952-16820 CBL-Mariner Releases CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases CBL-Mariner Releases 17954-16823 No Security Update 8.0.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17954-16823 CBL-Mariner Releases CBL-Mariner Releases 17956-16823 No Security Update 3.21.4-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17956-16823 CBL-Mariner Releases CBL-Mariner Releases 17878-17084 18295-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17878-17084 18295-17084 CBL-Mariner Releases <a href="http://eskamation.de/">Stefan Kanthak</a> 1.3 2023-04-12T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.0 2023-02-10T00:00:00 <p>Information published.</p> 1.1 2023-03-14T07:00:00 <p>CVE updated to add Windows software as Microsoft is aware that certain versions of Windows are affected by the cURL vulnerability. Microsoft will incorporate the new cURL Open Source library that addresses this issue in an upcoming security release.</p> 1.2 2023-04-11T07:00:00 <p>Microsoft is announcing the availability of the April 2023 security updates to address this vulnerability for all supported versions of Windows 10 version 1809, Windows 10 version 20H2, Windows 10 version 21H2, Windows 10 version 22H2, Windows 11 version 21H2, Windows 11 version 22H2, Windows Server 2019, and Windows Server 2022. Microsoft strongly recommends that customers install the April 2023 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 1.4 2024-06-30T07:00:00 <p>Information published.</p> 1.5 2024-11-20T00:00:00 <p>Added cmake to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added tensorflow to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added curl to CBL-Mariner 1.0</p> 1.6 2026-02-18T01:04:52 <p>Information published.</p> A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-46285 Loop with Unreachable Exit Condition (&#39;Infinite Loop&#39;) 18291-16823 18291-16823 Important 18291-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18291-16823 CBL-Mariner Releases 18291-16823 No Security Update 3.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18291-16823 CBL-Mariner Releases 1.0 2023-02-08T00:00:00 <p>Information published.</p> In GNU Less before 609 crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-46663 12686-12139 12687-12139 12688-12140 12689-12140 12686-12139 12687-12139 12688-12140 12689-12140 12686-12139 12687-12139 12688-12140 12689-12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12686-12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12687-12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12688-12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12689-12140 CBL-Mariner Releases 12686-12139 12687-12139 12688-12140 12689-12140 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 12686-12139 12687-12139 12688-12140 12689-12140 CBL-Mariner Releases 1.0 2023-02-14T00:00:00 <p>Information published.</p> GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48337 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 18397-16823 18397-16823 Critical 18397-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18397-16823 CBL-Mariner Releases 18397-16823 No Security Update 28.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18397-16823 CBL-Mariner Releases 1.0 2023-02-28T00:00:00 <p>Information published.</p> 1.1 2023-03-22T00:00:00 <p>Information published.</p> A flaw was found in libXpm. When processing files with .Z or .gz extensions the library calls external programs to compress and uncompress files relying on the PATH environment variable to find these programs which could allow a malicious user to execute other programs by manipulating the PATH environment variable. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-4883 Untrusted Search Path 18291-16823 18291-16823 Important 18291-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18291-16823 CBL-Mariner Releases 18291-16823 No Security Update 3.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18291-16823 CBL-Mariner Releases 1.0 2023-02-08T00:00:00 <p>Information published.</p> Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-37501 Out-of-bounds Write 19088-17084 19088-17084 Important 19088-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19088-17084 CBL-Mariner Releases 19088-17084 No Security Update 1.12.1-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19088-17084 CBL-Mariner Releases 1.0 2023-02-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-46023 Improper Restriction of Operations within the Bounds of a Memory Buffer 17941-16820 17183-16823 18338-16823 19671-17084 19686-17084 17941-16820 17183-16823 18338-16823 19671-17084 19686-17084 Important 17941-16820 Important 17183-16823 Important 18338-16823 Important 19671-17084 Important 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17941-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17183-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18338-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 CBL-Mariner Releases 17941-16820 No Security Update 1.59.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17941-16820 CBL-Mariner Releases CBL-Mariner Releases 17183-16823 No Security Update 1.72.0-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17183-16823 CBL-Mariner Releases CBL-Mariner Releases 18338-16823 No Security Update 1.46.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18338-16823 CBL-Mariner Releases 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:55:48 <p>Information published.</p> Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-32142 Out-of-bounds Write 19078-17084 19078-17084 Important 19078-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19078-17084 CBL-Mariner Releases 19078-17084 No Security Update 0.21.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19078-17084 CBL-Mariner Releases 1.0 2025-02-11T00:00:00 <p>Information published.</p> A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-3560 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 19650-16823 19650-16823 Moderate 19650-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19650-16823 CBL-Mariner Releases 19650-16823 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19650-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:20 <p>Information published.</p> GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25563 Out-of-bounds Read 18408-17084 18408-17084 Important 18408-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 18408-17084 CBL-Mariner Releases 18408-17084 No Security Update 1.3.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18408-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25564 Out-of-bounds Write 18408-17084 18408-17084 Important 18408-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 18408-17084 CBL-Mariner Releases 18408-17084 No Security Update 1.3.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18408-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> GSS-NTLMSSP vulnerable to memory leak when parsing usernames <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25566 Missing Release of Memory after Effective Lifetime 18408-17084 18408-17084 Important 18408-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18408-17084 CBL-Mariner Releases 18408-17084 No Security Update 1.3.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18408-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2021-23980 Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) 19712-17086 19693-17084 19712-17086 19693-17084 Moderate 19712-17086 Moderate 19693-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19712-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 19693-17084 1.0 2025-09-03T21:19:28 <p>Information published.</p> 1.1 2026-02-18T14:32:42 <p>Information published.</p> X.400 address type confusion in X.509 GeneralName <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-0286 Access of Resource Using Incompatible Type ('Type Confusion') 17859-17084 19662-17086 17093-17086 17941-16820 17918-16820 17942-16820 17944-16823 16940-16823 17919-16823 17945-16823 17946-17084 19712-17086 20011-17086 18666-17084 19693-17084 19671-17084 19686-17084 17859-17084 19662-17086 17093-17086 17941-16820 17918-16820 17942-16820 17944-16823 16940-16823 17919-16823 17945-16823 17946-17084 19712-17086 20011-17086 18666-17084 19693-17084 19671-17084 19686-17084 Important 17859-17084 19662-17086 Important 17093-17086 Important 17941-16820 Important 17918-16820 Important 17942-16820 Important 17944-16823 Important 16940-16823 Important 17919-16823 Important 17945-16823 Important 17946-17084 Important 19712-17086 Important 20011-17086 Important 18666-17084 Important 19693-17084 Important 19671-17084 Important 19686-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 17859-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19662-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 17093-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 17941-16820 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 17918-16820 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 17942-16820 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 17944-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 16940-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 17919-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 17945-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 17946-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19712-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 20011-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 18666-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19693-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19671-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19686-17084 CBL-Mariner Releases 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 17941-16820 No Security Update 1.59.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17941-16820 CBL-Mariner Releases CBL-Mariner Releases 17918-16820 No Security Update 22.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17918-16820 CBL-Mariner Releases CBL-Mariner Releases 17942-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17942-16820 CBL-Mariner Releases CBL-Mariner Releases 17944-16823 No Security Update 1.68.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17944-16823 CBL-Mariner Releases CBL-Mariner Releases 16940-16823 No Security Update 3.1.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16940-16823 CBL-Mariner Releases CBL-Mariner Releases 17919-16823 No Security Update 30.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17919-16823 CBL-Mariner Releases CBL-Mariner Releases 17945-16823 No Security Update 1.1.1k-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17945-16823 CBL-Mariner Releases CBL-Mariner Releases 17946-17084 18666-17084 No Security Update 1.0.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17946-17084 18666-17084 CBL-Mariner Releases CBL-Mariner Releases 20011-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20011-17086 CBL-Mariner Releases 2.0 2026-02-18T01:46:36 <p>Information published.</p> 1.0 2023-02-19T00:00:00 <p>Information published.</p> 1.1 2023-02-28T00:00:00 <p>Added cloud-hypervisor to CBL-Mariner 2.0</p> 1.2 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> 1.4 2024-08-15T00:00:00 <p>Information published.</p> A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message the attacker would be able to decrypt the application data exchanged over that connection. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0361 Observable Discrepancy 17968-16820 17969-16823 17968-16820 17969-16823 Important 17968-16820 Important 17969-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 17968-16820 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 17969-16823 CBL-Mariner Releases 17968-16820 No Security Update 3.6.14-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17968-16820 CBL-Mariner Releases CBL-Mariner Releases 17969-16823 No Security Update 3.7.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17969-16823 CBL-Mariner Releases 1.0 2023-02-20T00:00:00 <p>Information published.</p> password_verify() always returns true for some invalid hashes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner php Yes CVE-2023-0567 Use of Password Hash With Insufficient Computational Effort 18401-16823 18401-16823 Moderate 18401-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 18401-16823 CBL-Mariner Releases 18401-16823 No Security Update 8.1.16-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18401-16823 CBL-Mariner Releases 1.0 2023-03-01T00:00:00 <p>Information published.</p> Array overrun in common path resolve code <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner php Yes CVE-2023-0568 Allocation of Resources Without Limits or Throttling 18401-16823 19269-17084 18401-16823 19269-17084 Important 18401-16823 19269-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18401-16823 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 19269-17084 CBL-Mariner Releases 18401-16823 No Security Update 8.1.16-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18401-16823 CBL-Mariner Releases CBL-Mariner Releases 19269-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19269-17084 CBL-Mariner Releases 1.0 2023-02-20T00:00:00 <p>Information published.</p> A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0615 Divide By Zero 17823-16820 17824-16823 17823-16820 17824-16823 Moderate 17823-16820 Moderate 17824-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17823-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-02-15T00:00:00 <p>Information published.</p> DoS vulnerability when parsing multipart request body <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner php Yes CVE-2023-0662 Uncontrolled Resource Consumption 19269-17084 18401-16823 19269-17084 18401-16823 19269-17084 Important 18401-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19269-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18401-16823 CBL-Mariner Releases 19269-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19269-17084 CBL-Mariner Releases CBL-Mariner Releases 18401-16823 No Security Update 8.1.16-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18401-16823 CBL-Mariner Releases 1.0 2023-02-21T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0796 Out-of-bounds Read 17977-16820 17976-16823 17977-16820 17976-16823 Moderate 17977-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17977-16820 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368 invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0797 Out-of-bounds Read 17977-16820 17976-16823 17977-16820 17976-16823 Moderate 17977-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17977-16820 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0799 Use After Free 17977-16820 17976-16823 17977-16820 17976-16823 Moderate 17977-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17977-16820 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 33aee127. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0800 Out-of-bounds Write 17975-16820 17976-16823 17975-16820 17976-16823 Moderate 17975-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17975-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17975-16820 No Security Update 4.4.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17975-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368 invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 33aee127. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0801 Out-of-bounds Write 17977-16820 17976-16823 17977-16820 17976-16823 Moderate 17977-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17977-16820 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 33aee127. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0803 Out-of-bounds Write 17977-16820 17976-16823 17977-16820 17976-16823 Moderate 17977-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17977-16820 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 33aee127. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2023-0804 Out-of-bounds Write 17977-16820 17976-16823 17977-16820 17976-16823 Moderate 17977-16820 Moderate 17976-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17977-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17976-16823 CBL-Mariner Releases 17977-16820 No Security Update 4.5.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17977-16820 CBL-Mariner Releases CBL-Mariner Releases 17976-16823 No Security Update 4.4.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17976-16823 CBL-Mariner Releases 1.0 2023-02-16T00:00:00 <p>Information published.</p> In nf_tables_updtable if nf_tables_table_enable returns an error nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del() but the transaction was never placed on a list -- the list head is all zeroes this results in a NULL pointer dereference. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1095 NULL Pointer Dereference 17935-16820 17930-16823 17935-16820 17930-16823 Moderate 17935-16820 Moderate 17930-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17935-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17930-16823 CBL-Mariner Releases 17935-16820 No Security Update 5.10.172.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17935-16820 CBL-Mariner Releases CBL-Mariner Releases 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17930-16823 CBL-Mariner Releases 1.0 2023-03-07T00:00:00 <p>Information published.</p> A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-22795 Inefficient Regular Expression Complexity 17970-16820 17971-16823 17970-16820 17971-16823 Important 17970-16820 Important 17971-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17970-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17971-16823 CBL-Mariner Releases 17970-16820 No Security Update 2.6.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17970-16820 CBL-Mariner Releases CBL-Mariner Releases 17971-16823 No Security Update 3.1.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17971-16823 CBL-Mariner Releases 1.0 2023-02-18T00:00:00 <p>Information published.</p> 1.1 2023-05-25T00:00:00 <p>Information published.</p> In the Linux kernel before 5.17.2 drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use e.g. with put_device. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-22996 Missing Release of Resource after Effective Lifetime 17911-16820 17930-16823 17911-16820 17930-16823 Moderate 17911-16820 Moderate 17930-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17911-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17930-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17930-16823 CBL-Mariner Releases 1.0 2023-03-07T00:00:00 <p>Information published.</p> In the Linux kernel before 6.1.2 kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case whereas it is actually an error pointer). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-22997 NULL Pointer Dereference 17911-16820 17889-16823 17911-16820 17889-16823 Moderate 17911-16820 Moderate 17889-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17911-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17889-16823 CBL-Mariner Releases 17911-16820 No Security Update 5.10.174.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17911-16820 CBL-Mariner Releases CBL-Mariner Releases 17889-16823 No Security Update 5.15.111.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17889-16823 CBL-Mariner Releases 1.0 2023-03-07T00:00:00 <p>Information published.</p> 1.1 2023-04-07T00:00:00 <p>Information published.</p> In the Linux kernel before 6.0.3 drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case whereas it is actually an error pointer). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-22998 Interpretation Conflict 17935-16820 17930-16823 17935-16820 17930-16823 Moderate 17935-16820 Moderate 17930-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17935-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17930-16823 CBL-Mariner Releases 17935-16820 No Security Update 5.10.172.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17935-16820 CBL-Mariner Releases CBL-Mariner Releases 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17930-16823 CBL-Mariner Releases 1.0 2023-03-04T00:00:00 <p>Information published.</p> An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb" making curl end up spending enormous amounts of allocated heap memory or trying to and returning out of memory errors. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-23916 Allocation of Resources Without Limits or Throttling 19668-17086 18295-17084 17941-16820 17950-16820 17951-16820 17952-16820 17953-16823 17954-16823 17955-16823 17956-16823 17878-17084 17957-17084 17879-17084 19671-17084 19686-17084 19668-17086 18295-17084 17941-16820 17950-16820 17951-16820 17952-16820 17953-16823 17954-16823 17955-16823 17956-16823 17878-17084 17957-17084 17879-17084 19671-17084 19686-17084 Moderate 19668-17086 Moderate 18295-17084 Moderate 17941-16820 Moderate 17950-16820 Moderate 17951-16820 Moderate 17952-16820 Moderate 17953-16823 Moderate 17954-16823 Moderate 17955-16823 Moderate 17956-16823 Moderate 17878-17084 Moderate 17957-17084 Moderate 17879-17084 Moderate 19671-17084 Moderate 19686-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19668-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18295-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17941-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17950-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17951-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17952-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17953-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17954-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17955-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17956-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17878-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17957-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17879-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19671-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19686-17084 CBL-Mariner Releases 18295-17084 17878-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18295-17084 17878-17084 CBL-Mariner Releases CBL-Mariner Releases 17941-16820 No Security Update 1.59.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17941-16820 CBL-Mariner Releases CBL-Mariner Releases 17950-16820 No Security Update 8.0.32-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17950-16820 CBL-Mariner Releases CBL-Mariner Releases 17951-16820 17955-16823 No Security Update 7.88.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17951-16820 17955-16823 CBL-Mariner Releases CBL-Mariner Releases 17952-16820 No Security Update 3.21.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17952-16820 CBL-Mariner Releases CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases CBL-Mariner Releases 17954-16823 No Security Update 8.0.33-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17954-16823 CBL-Mariner Releases CBL-Mariner Releases 17956-16823 No Security Update 3.21.4-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17956-16823 CBL-Mariner Releases CBL-Mariner Releases 17957-17084 17879-17084 No Security Update 3.28.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17957-17084 17879-17084 CBL-Mariner Releases 1.0 2023-02-24T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-11-20T00:00:00 <p>Added cmake to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added mysql to CBL-Mariner 2.0 Added curl to CBL-Mariner 2.0 Added cmake to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added curl to CBL-Mariner 1.0</p> 1.3 2026-02-18T01:02:02 <p>Information published.</p> A cryptographic vulnerability exists in Node.js <19.2.0 <18.14.1 <16.19.1 <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-23919 17938-16820 17939-16823 17938-16820 17939-16823 Important 17938-16820 Important 17939-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17938-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17939-16823 CBL-Mariner Releases 17938-16820 No Security Update 14.21.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17938-16820 CBL-Mariner Releases CBL-Mariner Releases 17939-16823 No Security Update 16.19.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17939-16823 CBL-Mariner Releases 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2023-03-04T00:00:00 <p>Added nodejs to CBL-Mariner 1.0</p> 1.2 2023-03-25T00:00:00 <p>Information published.</p> Cipher.update_into can corrupt memory in pyca cryptography <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-23931 Improper Check for Unusual or Exceptional Conditions 17982-16820 17983-16823 17984-17084 17982-16820 17983-16823 17984-17084 Moderate 17982-16820 Moderate 17983-16823 Moderate 17984-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 17982-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 17983-16823 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 17984-17084 CBL-Mariner Releases 17982-16820 No Security Update 3.3.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17982-16820 CBL-Mariner Releases CBL-Mariner Releases 17983-16823 No Security Update 3.3.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17983-16823 CBL-Mariner Releases CBL-Mariner Releases 17984-17084 No Security Update 3.3.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17984-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> CRLF Injection in Nodejs ‘undici’ via host <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-23936 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 17939-16823 17939-16823 Moderate 17939-16823 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 17939-16823 CBL-Mariner Releases 17939-16823 No Security Update 16.19.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17939-16823 CBL-Mariner Releases 1.0 2023-02-21T00:00:00 <p>Information published.</p> 1.1 2023-03-25T00:00:00 <p>Information published.</p> The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-25012 Use After Free 17902-16820 17835-16823 17903-16823 17987-17084 19797-17084 17902-16820 17835-16823 17903-16823 17987-17084 19797-17084 Moderate 17902-16820 Moderate 17835-16823 Moderate 17903-16823 Moderate 17987-17084 Moderate 19797-17084 4.6 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17902-16820 4.6 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17835-16823 4.6 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17903-16823 4.6 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17987-17084 4.6 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19797-17084 CBL-Mariner Releases 17902-16820 No Security Update 5.10.177.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17902-16820 CBL-Mariner Releases CBL-Mariner Releases 17835-16823 No Security Update 5.15.118.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17835-16823 CBL-Mariner Releases CBL-Mariner Releases 17903-16823 No Security Update 5.15.107.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17903-16823 CBL-Mariner Releases CBL-Mariner Releases 17987-17084 19797-17084 No Security Update 6.6.14.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17987-17084 19797-17084 CBL-Mariner Releases 1.0 2023-02-11T00:00:00 <p>Information published.</p> 1.1 2023-05-09T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> 1.2 2024-06-30T07:00:00 <p>Information published.</p> 1.3 2026-02-19T01:04:18 <p>Information published.</p> containerd OCI image importer memory exhaustion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25153 Allocation of Resources Without Limits or Throttling 17960-16820 17961-16823 17962-16823 17963-16823 17964-17084 17960-16820 17961-16823 17962-16823 17963-16823 17964-17084 Moderate 17960-16820 Moderate 17961-16823 Moderate 17962-16823 Moderate 17963-16823 Moderate 17964-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17960-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17961-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17962-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17963-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17964-17084 CBL-Mariner Releases 17960-16820 No Security Update 1.6.6+azure-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17960-16820 CBL-Mariner Releases CBL-Mariner Releases 17961-16823 No Security Update 1.6.18-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17961-16823 CBL-Mariner Releases CBL-Mariner Releases 17962-16823 No Security Update 20.10.14-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17962-16823 CBL-Mariner Releases CBL-Mariner Releases 17963-16823 No Security Update 1.25.5-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17963-16823 CBL-Mariner Releases CBL-Mariner Releases 17964-17084 No Security Update 20.10.25-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17964-17084 CBL-Mariner Releases 1.0 2023-02-21T00:00:00 <p>Information published.</p> 1.1 2023-02-20T00:00:00 <p>Information published.</p> 1.2 2023-02-25T00:00:00 <p>Added moby-containerd to CBL-Mariner 2.0</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> getHostByName Function Information Disclosure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25165 Exposure of Sensitive Information to an Unauthorized Actor 17972-16820 17973-16823 17974-16823 17972-16820 17973-16823 17974-16823 Moderate 17972-16820 Moderate 17973-16823 Moderate 17974-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17972-16820 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17973-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17974-16823 CBL-Mariner Releases 17972-16820 No Security Update 3.4.1-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17972-16820 CBL-Mariner Releases CBL-Mariner Releases 17973-16823 No Security Update 3.10.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17973-16823 CBL-Mariner Releases CBL-Mariner Releases 17974-16823 No Security Update 1.7.3-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17974-16823 CBL-Mariner Releases 1.0 2023-02-17T00:00:00 <p>Information published.</p> 1.1 2023-02-13T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-25193 Allocation of Resources Without Limits or Throttling 17848-16820 17985-16820 17864-16820 17986-16823 17384-16823 18469-17084 17848-16820 17985-16820 17864-16820 17986-16823 17384-16823 18469-17084 Important 17848-16820 Important 17985-16820 Important 17864-16820 Important 17986-16823 Important 17384-16823 Important 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17848-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17985-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17864-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17986-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17384-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18469-17084 CBL-Mariner Releases 17848-16820 No Security Update 60.9.0-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17848-16820 CBL-Mariner Releases CBL-Mariner Releases 17985-16820 No Security Update 3.4.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17985-16820 CBL-Mariner Releases CBL-Mariner Releases 17864-16820 No Security Update 5.12.11-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17864-16820 CBL-Mariner Releases CBL-Mariner Releases 17986-16823 No Security Update 3.4.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17986-16823 CBL-Mariner Releases CBL-Mariner Releases 17384-16823 No Security Update 5.12.11-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17384-16823 CBL-Mariner Releases 1.0 2023-02-13T00:00:00 <p>Information published.</p> 1.1 2023-02-14T00:00:00 <p>Added harfbuzz to CBL-Mariner 1.0</p> 1.2 2026-02-18T01:28:47 <p>Information published.</p> Werkzeug may allow high resource usage when parsing multipart form data with many fields <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25577 Allocation of Resources Without Limits or Throttling 19693-17084 19712-17086 18406-16823 19693-17084 19712-17086 18406-16823 Important 19693-17084 Important 19712-17086 Important 18406-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18406-16823 CBL-Mariner Releases 18406-16823 No Security Update 2.0.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18406-16823 CBL-Mariner Releases 1.1 2026-02-18T15:19:14 <p>Information published.</p> 1.0 2023-02-20T00:00:00 <p>Information published.</p> In Gluster GlusterFS 11.0 there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26253 Out-of-bounds Read 18414-17084 18414-17084 Important 18414-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18414-17084 CBL-Mariner Releases 18414-17084 No Security Update 11.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18414-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> In the Linux kernel before 6.1.13 there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26545 Double Free 17935-16820 17940-16823 17930-16823 17935-16820 17940-16823 17930-16823 Moderate 17935-16820 Moderate 17940-16823 Moderate 17930-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17935-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17940-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17930-16823 CBL-Mariner Releases 17935-16820 No Security Update 5.10.172.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17935-16820 CBL-Mariner Releases CBL-Mariner Releases 17940-16823 17930-16823 No Security Update 5.15.102.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17940-16823 17930-16823 CBL-Mariner Releases 1.0 2023-03-04T00:00:00 <p>Information published.</p> 1.1 2023-03-13T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Sudo before 1.9.13p2 has a double free in the per-command chroot feature. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-27320 Double Free 17926-16820 17937-16823 17926-16820 17937-16823 Important 17926-16820 Important 17937-16823 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17926-16820 7.2 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17937-16823 CBL-Mariner Releases 17926-16820 17937-16823 No Security Update 1.9.13p3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17926-16820 17937-16823 CBL-Mariner Releases 1.0 2023-03-06T00:00:00 <p>Information published.</p> A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2023-0687 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 17077-16820 17348-16823 17077-16820 17348-16823 Critical 17077-16820 Critical 17348-16823 4.6 4.6 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 17077-16820 4.6 4.6 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 17348-16823 CBL-Mariner Releases 17077-16820 No Security Update 2.28-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17077-16820 CBL-Mariner Releases CBL-Mariner Releases 17348-16823 No Security Update 2.35-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17348-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:27 <p>Information published.</p> Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner jenkins Yes CVE-2023-25761 Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) 18403-16823 18403-16823 Moderate 18403-16823 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 18403-16823 CBL-Mariner Releases 18403-16823 No Security Update 4.13-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18403-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:31 <p>Information published.</p> Excessive resource consumption in mime/multipart <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2022-41725 Allocation of Resources Without Limits or Throttling 18315-17084 19679-17084 19785-17086 19778-17086 19668-17086 19712-17086 17667-17084 19697-17084 18442-16820 17017-16820 17375-16823 18445-16823 18446-16823 18447-16823 18448-17084 19693-17084 19762-17084 18315-17084 19679-17084 19785-17086 19778-17086 19668-17086 19712-17086 17667-17084 19697-17084 18442-16820 17017-16820 17375-16823 18445-16823 18446-16823 18447-16823 18448-17084 19693-17084 19762-17084 Important 18315-17084 Important 19679-17084 Important 19785-17086 Important 19778-17086 Important 19668-17086 Important 19712-17086 Important 17667-17084 Important 19697-17084 Important 18442-16820 Important 17017-16820 Important 17375-16823 Important 18445-16823 Important 18446-16823 Important 18447-16823 Important 18448-17084 Important 19693-17084 Important 19762-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19679-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19778-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18442-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17017-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17375-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18445-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18446-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18447-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18448-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19762-17084 CBL-Mariner Releases 19785-17086 19778-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 19778-17086 CBL-Mariner Releases CBL-Mariner Releases 18442-16820 No Security Update 1.17.13-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18442-16820 CBL-Mariner Releases CBL-Mariner Releases 17017-16820 No Security Update 9.1.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17017-16820 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18445-16823 No Security Update 1.19.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18445-16823 CBL-Mariner Releases CBL-Mariner Releases 18446-16823 18448-17084 No Security Update 1.19.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18446-16823 18448-17084 CBL-Mariner Releases CBL-Mariner Releases 18447-16823 No Security Update 11.2.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18447-16823 CBL-Mariner Releases 1.0 2025-09-04T02:53:04 <p>Information published.</p> 1.1 2026-02-18T03:01:29 <p>Information published.</p> Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software allowing attackers to perform HTTP2 attacks. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-31394 Allocation of Resources Without Limits or Throttling 19686-17084 18814-17084 18815-17084 18469-17084 19671-17084 19686-17084 18814-17084 18815-17084 18469-17084 19671-17084 Important 19686-17084 Important 18814-17084 Important 18815-17084 Important 18469-17084 Important 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18814-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18815-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 CBL-Mariner Releases 19686-17084 19671-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19686-17084 19671-17084 CBL-Mariner Releases CBL-Mariner Releases 18814-17084 No Security Update hyper-0.14.25 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18814-17084 CBL-Mariner Releases CBL-Mariner Releases 18815-17084 No Security Update 2022.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18815-17084 CBL-Mariner Releases 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-18T01:50:12 <p>Information published.</p> Double free after calling PEM_read_bio_ex <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2022-4450 Double Free 17859-17084 20011-17086 18666-17084 19686-17084 19671-17084 17941-16820 17942-16820 17918-16820 17945-16823 17919-16823 17944-16823 17946-17084 19662-17086 17093-17086 17859-17084 20011-17086 18666-17084 19686-17084 19671-17084 17941-16820 17942-16820 17918-16820 17945-16823 17919-16823 17944-16823 17946-17084 19662-17086 17093-17086 Important 17859-17084 Important 20011-17086 Important 18666-17084 Important 19686-17084 Important 19671-17084 Important 17941-16820 Important 17942-16820 Important 17918-16820 Important 17945-16823 Important 17919-16823 Important 17944-16823 Important 17946-17084 19662-17086 Important 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17859-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20011-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18666-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17941-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17942-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17918-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17945-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17919-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17944-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17946-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19662-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17093-17086 CBL-Mariner Releases 17859-17084 No Security Update 20240223gitedc6681206c1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 20011-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20011-17086 CBL-Mariner Releases CBL-Mariner Releases 18666-17084 17946-17084 No Security Update 1.0.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18666-17084 17946-17084 CBL-Mariner Releases CBL-Mariner Releases 17941-16820 No Security Update 1.59.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17941-16820 CBL-Mariner Releases CBL-Mariner Releases 17942-16820 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17942-16820 CBL-Mariner Releases CBL-Mariner Releases 17918-16820 No Security Update 22.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17918-16820 CBL-Mariner Releases CBL-Mariner Releases 17945-16823 No Security Update 1.1.1k-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17945-16823 CBL-Mariner Releases CBL-Mariner Releases 17919-16823 No Security Update 30.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17919-16823 CBL-Mariner Releases CBL-Mariner Releases 17944-16823 No Security Update 1.68.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17944-16823 CBL-Mariner Releases 1.0 2023-02-14T00:00:00 <p>Information published.</p> 1.1 2023-02-13T00:00:00 <p>Information published.</p> 1.2 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> 1.4 2024-08-15T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:00:28 <p>Information published.</p> A flaw was found in libXpm. When processing a file with width of 0 and a very large height some parser functions will be called repeatedly and can lead to an infinite loop resulting in a Denial of Service in the application linked to the library. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-44617 Loop with Unreachable Exit Condition ('Infinite Loop') 18291-16823 18291-16823 Important 18291-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18291-16823 CBL-Mariner Releases 18291-16823 No Security Update 3.5.17-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18291-16823 CBL-Mariner Releases 1.0 2023-02-07T00:00:00 <p>Information published.</p> An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function and bound to C-c C-f. Inside the function the external command gem is called through shell-command-to-string but the feature-name parameters are not escaped. Thus malicious Ruby source files may cause commands to be executed. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48338 Improper Neutralization of Special Elements used in a Command ('Command Injection') 18397-16823 18397-16823 Important 18397-16823 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 18397-16823 CBL-Mariner Releases 18397-16823 No Security Update 28.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18397-16823 CBL-Mariner Releases 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2023-03-22T00:00:00 <p>Information published.</p> An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function the parameter file and parameter srcdir come from external input and parameters are not escaped. If a file name or directory name contains shell metacharacters code may be executed. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-48339 Improper Encoding or Escaping of Output 18397-16823 18397-16823 Important 18397-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18397-16823 CBL-Mariner Releases 18397-16823 No Security Update 28.2-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18397-16823 CBL-Mariner Releases 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2023-03-22T00:00:00 <p>Information published.</p> An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-33391 Use After Free 19087-17084 19087-17084 Critical 19087-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19087-17084 CBL-Mariner Releases 19087-17084 No Security Update 5.8.0-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19087-17084 CBL-Mariner Releases 1.0 2023-02-27T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> GSS-NTLMSSP vulnerable to incorrect free when decoding target information <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25565 Free of Memory not on the Heap 18408-17084 18408-17084 Important 18408-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18408-17084 CBL-Mariner Releases 18408-17084 No Security Update 1.3.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18408-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-25567 Out-of-bounds Read 18408-17084 18408-17084 Important 18408-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18408-17084 CBL-Mariner Releases 18408-17084 No Security Update 1.3.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18408-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> Chromium: CVE-2023-0933 Integer overflow in PDF <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.57</td> <td>2/25/2023</td> <td>110.0.5481.177</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0933 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.57 1.0 2023-02-25T08:00:00 <p>Information published.</p> Chromium: CVE-2023-0941 Use after free in Prompts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2023-0941 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.57</td> <td>2/25/2023</td> <td>110.0.5481.177</td> </tr> <tr> <td>109.0.1518.95</td> <td>3/23/2023</td> <td>109.0.5414.129</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0941 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.57 1.0 2023-02-25T08:00:00 <p>Information published.</p> 1.1 2023-04-25T07:00:00 <p>Updated CVE to indicate that the update to address this vulnerability has been addressed in the 109 version of Edge.</p> Chromium: CVE-2023-0930 Heap buffer overflow in Video <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.57</td> <td>2/25/2023</td> <td>110.0.5481.177</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0930 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.57 1.0 2023-02-25T08:00:00 <p>Information published.</p> Chromium: CVE-2023-0927 Use after free in Web Payments API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.57</td> <td>2/25/2023</td> <td>110.0.5481.177</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0927 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.57 1.0 2023-02-25T08:00:00 <p>Information published.</p> Chromium: CVE-2023-0932 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.57</td> <td>2/25/2023</td> <td>110.0.5481.177</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0932 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.57 1.0 2023-02-25T08:00:00 <p>Information published.</p> Chromium: CVE-2023-0929 Use after free in Vulkan <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.57</td> <td>2/25/2023</td> <td>110.0.5481.177</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0929 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.57 1.0 2023-02-25T08:00:00 <p>Information published.</p> Chromium: CVE-2023-0928 Use after free in SwiftShader <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.57</td> <td>2/25/2023</td> <td>110.0.5481.177</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0928 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.57 1.0 2023-02-25T08:00:00 <p>Information published.</p> Chromium: CVE-2023-0931 Use after free in Video <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.57</td> <td>2/25/2023</td> <td>110.0.5481.177</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0931 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.57 1.0 2023-02-25T08:00:00 <p>Information published.</p> Azure DevOps Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does this mean for this vulnerability?</strong></p> <p>Owning an affected domain is not enough to run the attack. For a successful attacker the appropriate variable must be used in the pipeline, and not every pipeline is vulnerable.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is none (UI:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p>The privilege requirement is low because the attack needs to have only Run access to the pipeline.</p> <p>Azure DevOps server is not bound to any network stack or protocol. Communication is on the TCP/IP level and this allows to communicate over the Internet.</p> Azure DevOps Microsoft Yes CVE-2023-21553 Improper Control of Generation of Code ('Code Injection') 12143 Remote Code Execution 12143 Important 12143 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12143 Release Notes file://cpvsbuild/drops/mseng/tfs/Dev18/releases_M181.AzureDevOps2020.1.1public/layouts/x86ret/Tfs2018Sgn_20230124.1/enu/devops/Patch 12143 Maybe Security Update 20230131.3 <a href="https://www.linkedin.com/company/legitsecurity/">Legit Security (LinkedIn)</a> with <a href="https://www.legitsecurity.com/">Legit Security</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability <p><strong>According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must have access to the targeted worker role and the ability to deploy a malicious application within the worker. The attack itself is carried out locally on the worker role where a malicious application has been deployed.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have low effect on availability (A:L). What does that mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability could enable an attacker with the ability to access and modify content of a targeted application or workload leading to major loss of confidentiality and integrity. The attacker cannot fully deny service availability across all infrastructure, hence low effect on availability.</p> Azure App Service Microsoft Yes CVE-2023-21777 Improper Access Control 12154 Elevation of Privilege 12154 Important 12154 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.7 7.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C 12154 Release Notes https://aka.ms/appsvcupdate2302installer 12154 Maybe App Service Installer 98.0.1.703 Denis Faiustov Ruslan Sayfiev 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, the attack is carried over the webpage but it compromises the web server running the page. In addition, the attacker might be able to call victim's local files in the Resources directory and execute Windows commands that are outside of the Dynamics application.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to be able to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Dynamics Microsoft Yes CVE-2023-21778 Improper Neutralization of Special Elements used in a Command ('Command Injection') 12157 Remote Code Execution 12157 Important 12157 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12157 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=102918 12157 Maybe Security Update 4.2.0.51 <a href="https://linkedin.com/in/erik-donker-50a887bb">Erik Donker</a> with <a href="https://vattenfall.com/">Vattenfall</a> | On <a href="https://twitter.com/kire_devs_hacks">Twitter</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-04-14T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could send a specially crafted file to a shared printer. This could result in arbitrary code execution on the system that is sharing the printer.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-21684 Integer Underflow (Wrap or Wraparound) 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 kap0k 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-21529 Deserialization of Untrusted Data 12038 11957 11682 12039 Remote Code Execution 12038 Remote Code Execution 11957 Remote Code Execution 11682 Remote Code Execution 12039 Important 12038 Important 11957 Important 11682 Important 12039 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 5023038 https://www.microsoft.com/download/details.aspx?familyid=68684ee7-ed06-4819-92d4-33b46eb56093 5019758 12038 Yes Security Update 15.02.1118.025 5023038 https://support.microsoft.com/help/5023038 12038 11957 11682 12039 5023038 https://www.microsoft.com/download/details.aspx?familyid=80de331a-fc22-450e-b951-cc3f933897e4 5019758 11957 Yes Security Update 15.02.0986.041 5023038 https://www.microsoft.com/download/details.aspx?familyid=1b7a2ea2-c8af-4ea5-837a-e5a9fcc60bcd 5019758 11682 Yes Security Update 15.00.1497.047 5023038 https://www.microsoft.com/download/details.aspx?familyid=30d02c29-3f58-48b5-8dc6-6b54af690732 5019758 12039 Yes Security Update 15.01.2507.021 Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative Piotr Bazydlo (@chudypb) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> <a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-21794 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 11655 Release Notes 11655 No Security Update 110.0.1587.41 Anonymous 1.0 2023-02-09T08:00:00 <p>Information published.</p> Power BI Report Server Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker would have to send the victim a malicious file that the victim would have to execute.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must have permissions to access the target domain environment to be able to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>There could be a loss of confidentiality if an unaware user clicked on a popup therefore creating an opportunity for an attacker to retrieve cookies or present the user with a dialog box to enter user credentials.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker cannot fully deny service availability across all infrastructure, hence low effect on availability.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker could modify the contents of a reports file creating the potential opportunity for Java Script to be run as part of the Spoofing vulnerability.</p> Power BI Microsoft Yes CVE-2023-21806 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12161 Spoofing 12161 Important 12161 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C 12161 5023884 https://www.microsoft.com/download/details.aspx?id=55329 12161 Maybe Security Update 15.0.1111.115 Steffen Langenfeld and Sebastian Biehler Andrej Šimko with Accenture 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-03-01T08:00:00 <p>Added an acknowledgement. This is an informational change only.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> Microsoft Dynamics Microsoft Yes CVE-2023-21807 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11664 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 <a href="https://batr.am/">batram</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-04-14T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.2 2023-04-25T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5021522</td> <td>Security update for SQL Server 2022 RTM+GDR (Feb 2023)</td> <td>16.0.1000.6</td> <td>N/A</td> </tr> <tr> <td>5021124</td> <td>Security update for SQL Server 2019 CU18+GDR (Feb 2023)</td> <td>15.0.4003.23 - 15.0.4261.1</td> <td>KB 5017593 – SQL2019 RTM CU18</td> </tr> <tr> <td>5021125</td> <td>Security update for SQL Server 2019 RTM+GDR (Feb 2023)</td> <td>15.0.2000.5 - 15.0.2095.3</td> <td>KB 5014356 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5021126</td> <td>Security update for SQL Server 2017 CU31+GDR (Feb 2023)</td> <td>14.0.3006.16 - 14.0.3456.2</td> <td>KB 5016884 – SQL2017 RTM CU31</td> </tr> <tr> <td>5021127</td> <td>Security update for SQL Server 2017 RTM+GDR (Feb 2023)</td> <td>14.0.1000.169 - 14.0.2042.3</td> <td>KB 5014354 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5021128</td> <td>Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023)</td> <td>13.0.7000.253 - 13.0.7016.1</td> <td>KB 5015371 - Previous Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5021129</td> <td>Security update for SQL Server 2016 SP3+GDR (Feb 2023)</td> <td>13.0.6300.2 - 13.0.6419.1</td> <td>KB 5014355 - Previous SQL2016 SP3 GDR</td> </tr> <tr> <td>5021045</td> <td>Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023)</td> <td>12.0.6205.1 - 12.0.6439.10</td> <td>KB 5014164 – SQL2014 SP3 CU4</td> </tr> <tr> <td>5021037</td> <td>Security update for SQL Server 2014 SP3+GDR (Feb 2023)</td> <td>12.0.6024.0 - 12.0.6169.19</td> <td>KB 5014165 - Previous SQL2014 SP3 GDR</td> </tr> <tr> <td>5021123</td> <td>Security update for SQL Server 2012 SP4+GDR (Feb2023)</td> <td>11.0.7001.0 - 11.0.7507.2</td> <td>KB 4583465 - Previous SQL2012 SP4 GDR</td> </tr> <tr> <td>5021112</td> <td>Security update for SQL Server SQL2008R2 SP3+GDR (Feb2023)</td> <td>10.50.6000.34 - 10.50.6560.0</td> <td>KB 4057113 - Previous SQL2008R2 SP3 GDR</td> </tr> <tr> <td>5020863</td> <td>Security update for SQL Server 2008 SP4+GDR (Feb2023)</td> <td>10.00.6000.29 - 10.00.6556.0</td> <td>KB 4057114 - Previous SQL2008 SP4 GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an un-authenticated user into attempting to connect to a malicious SQL server database via ODBC. This could result in the database returning malicious data that might cause arbitrary code execution on the client.</p> SQL Server Microsoft Yes CVE-2023-21704 Integer Overflow or Wraparound 11478 11667 11671 11672 11821 11825 12048 12053 12146 12145 12147 Remote Code Execution 11478 Remote Code Execution 11667 Remote Code Execution 11671 Remote Code Execution 11672 Remote Code Execution 11821 Remote Code Execution 11825 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12146 Remote Code Execution 12145 Remote Code Execution 12147 Important 11478 Important 11667 Important 11671 Important 11672 Important 11821 Important 11825 Important 12048 Important 12053 Important 12146 Important 12145 Important 12147 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11667 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11671 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11672 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11825 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12146 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 5021127 https://www.microsoft.com/download/details.aspx?familyid=5521de5b-6966-4a1e-808d-93dd89c2240d 5014354 11478 Maybe Security Update 14.0.2047.8 5021037 https://www.microsoft.com/download/details.aspx?familyid=ae1e0ab6-c49c-4ef2-a142-5cb531ef9235 5014165 11667 11671 Maybe Security Update 12.0.6444.4 5021045 https://www.microsoft.com/download/details.aspx?familyid=d7dcf8ea-7219-48a1-941a-23460d9510df 5014164 11672 11825 Maybe Security Update 12.0.6174.8 5021125 https://www.microsoft.com/download/details.aspx?familyid=9bedde5f-de1f-466b-bb67-d2a2d0dfc279 5014356 11821 Maybe Security Update 15.0.2101.7 5021129 https://www.microsoft.com/download/details.aspx?familyid=64412f99-8d5c-47bd-b89a-445b3fd5ce38 5014355 12048 Maybe Security Update 13.0.6430.49 5021128 https://www.microsoft.com/download/details.aspx?familyid=2b43cc11-e9d6-45ed-974b-ff7efb63699c 5015371 12053 Maybe Security Update 13.0.7024.30 5021124 https://www.microsoft.com/download/details.aspx?familyid=32db4259-905f-4462-a2de-b0a0c4b5162b 5014353 12146 Maybe Security Update 15.0.4280.7 5021126 https://www.microsoft.com/download/details.aspx?familyid=d2c2ddec-ab33-4dc5-b2ef-5a9f49d203c6 5014553 12145 Maybe Security Update 14.0.3460.9 5021522 https://www.microsoft.com/download/details.aspx?familyid=2f9ea572-d508-46b7-864f-882932c1ad37 12147 Maybe Security Update 16.0.1050.5 hexb1n 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft SQL Server Remote Code Execution Vulnerability <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5021522</td> <td>Security update for SQL Server 2022 RTM+GDR (Feb 2023)</td> <td>16.0.1000.6</td> <td>N/A</td> </tr> <tr> <td>5021124</td> <td>Security update for SQL Server 2019 CU18+GDR (Feb 2023)</td> <td>15.0.4003.23 - 15.0.4261.1</td> <td>KB 5017593 – SQL2019 RTM CU18</td> </tr> <tr> <td>5021125</td> <td>Security update for SQL Server 2019 RTM+GDR (Feb 2023)</td> <td>15.0.2000.5 - 15.0.2095.3</td> <td>KB 5014356 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5021126</td> <td>Security update for SQL Server 2017 CU31+GDR (Feb 2023)</td> <td>14.0.3006.16 - 14.0.3456.2</td> <td>KB 5016884 – SQL2017 RTM CU31</td> </tr> <tr> <td>5021127</td> <td>Security update for SQL Server 2017 RTM+GDR (Feb 2023)</td> <td>14.0.1000.169 - 14.0.2042.3</td> <td>KB 5014354 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5021128</td> <td>Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023)</td> <td>13.0.7000.253 - 13.0.7016.1</td> <td>KB 5015371 - Previous Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5021129</td> <td>Security update for SQL Server 2016 SP3+GDR (Feb 2023)</td> <td>13.0.6300.2 - 13.0.6419.1</td> <td>KB 5014355 - Previous SQL2016 SP3 GDR</td> </tr> <tr> <td>5021045</td> <td>Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023)</td> <td>12.0.6205.1 - 12.0.6439.10</td> <td>KB 5014164 – SQL2014 SP3 CU4</td> </tr> <tr> <td>5021037</td> <td>Security update for SQL Server 2014 SP3+GDR (Feb 2023)</td> <td>12.0.6024.0 - 12.0.6169.19</td> <td>KB 5014165 - Previous SQL2014 SP3 GDR</td> </tr> <tr> <td>5021123</td> <td>Security update for SQL Server 2012 SP4+GDR (Feb2023)</td> <td>11.0.7001.0 - 11.0.7507.2</td> <td>KB 4583465 - Previous SQL2012 SP4 GDR</td> </tr> <tr> <td>5021112</td> <td>Security update for SQL Server SQL2008R2 SP3+GDR (Feb2023)</td> <td>10.50.6000.34 - 10.50.6560.0</td> <td>KB 4057113 - Previous SQL2008R2 SP3 GDR</td> </tr> <tr> <td>5020863</td> <td>Security update for SQL Server 2008 SP4+GDR (Feb2023)</td> <td>10.00.6000.29 - 10.00.6556.0</td> <td>KB 4057114 - Previous SQL2008 SP4 GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p>The privilege requirement is low because the attacker needs to be authenticated as a normal user.</p> SQL Server Microsoft Yes CVE-2023-21705 Use of Hard-coded Cryptographic Key 11476 11477 11478 11667 11671 11672 11821 11825 12048 12053 12145 12147 12146 Remote Code Execution 11476 Remote Code Execution 11477 Remote Code Execution 11478 Remote Code Execution 11667 Remote Code Execution 11671 Remote Code Execution 11672 Remote Code Execution 11821 Remote Code Execution 11825 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12146 Important 11476 Important 11477 Important 11478 Important 11667 Important 11671 Important 11672 Important 11821 Important 11825 Important 12048 Important 12053 Important 12145 Important 12147 Important 12146 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11476 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11477 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11667 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11671 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11672 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11825 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12146 5021123 4583465 11476 11477 Maybe Security Update 11.0.7512.11 5021127 https://www.microsoft.com/download/details.aspx?familyid=5521de5b-6966-4a1e-808d-93dd89c2240d 5014354 11478 Maybe Security Update 14.0.2047.8 5021037 https://www.microsoft.com/download/details.aspx?familyid=ae1e0ab6-c49c-4ef2-a142-5cb531ef9235 5014165 11667 11671 Maybe Security Update 12.0.6444.4 5021045 https://www.microsoft.com/download/details.aspx?familyid=d7dcf8ea-7219-48a1-941a-23460d9510df 5014164 11672 11825 Maybe Security Update 12.0.6174.8 5021125 https://www.microsoft.com/download/details.aspx?familyid=9bedde5f-de1f-466b-bb67-d2a2d0dfc279 5014356 11821 Maybe Security Update 15.0.2101.7 5021129 https://www.microsoft.com/download/details.aspx?familyid=64412f99-8d5c-47bd-b89a-445b3fd5ce38 5014355 12048 Maybe Security Update 13.0.6430.49 5021128 https://www.microsoft.com/download/details.aspx?familyid=2b43cc11-e9d6-45ed-974b-ff7efb63699c 5015371 12053 Maybe Security Update 13.0.7024.30 5021126 https://www.microsoft.com/download/details.aspx?familyid=d2c2ddec-ab33-4dc5-b2ef-5a9f49d203c6 5014553 12145 Maybe Security Update 14.0.3460.9 5021522 https://www.microsoft.com/download/details.aspx?familyid=2f9ea572-d508-46b7-864f-882932c1ad37 12147 Maybe Security Update 16.0.1050.5 5021124 https://www.microsoft.com/download/details.aspx?familyid=32db4259-905f-4462-a2de-b0a0c4b5162b 5014353 12146 Maybe Security Update 15.0.4280.7 <p>SQL <a href="https://learn.microsoft.com/en-us/sql/data-quality-services/data-quality-client-application?view=sql-server-ver16">Data Quality Services</a> enables you to build a knowledge base and use it to perform a variety of critical data quality tasks. The vulnerability is only exploitable if this optional feature is enabled and running on an SQL instance. Additionally, the feature is not available in Azure SQL instances.</p> <a href="https://twitter.com/arudd1ck">Andrew Ruddick</a> with Microsoft Security Response Center 1.0 2023-02-14T08:00:00 <p>Information published.</p> 2.0 2023-02-16T08:00:00 <p>Updated the Security Updates table to include the Extended Support (ESU) products: Microsoft SQL Server 2012 Service Pack 4.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-21706 Deserialization of Untrusted Data 12038 12039 11957 11682 Remote Code Execution 12038 Remote Code Execution 12039 Remote Code Execution 11957 Remote Code Execution 11682 Important 12038 Important 12039 Important 11957 Important 11682 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 5023038 https://www.microsoft.com/download/details.aspx?familyid=68684ee7-ed06-4819-92d4-33b46eb56093 5019758 12038 Yes Security Update 15.02.1118.025 5023038 https://support.microsoft.com/help/5023038 12038 12039 11957 11682 5023038 https://www.microsoft.com/download/details.aspx?familyid=30d02c29-3f58-48b5-8dc6-6b54af690732 5019758 12039 Yes Security Update 15.01.2507.021 5023038 https://www.microsoft.com/download/details.aspx?familyid=80de331a-fc22-450e-b951-cc3f933897e4 5019758 11957 Yes Security Update 15.02.0986.041 5023038 https://www.microsoft.com/download/details.aspx?familyid=1b7a2ea2-c8af-4ea5-837a-e5a9fcc60bcd 5019758 11682 Yes Security Update 15.00.1497.047 <a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p> <p>Yes, the attacker must be authenticated.</p> <p><strong>Why are there new updates associated with this CVE?</strong></p> <p>We are re-releasing this CVE to inform customers that there are new updates to install for this vulnerability. A small subset of customers were experiencing problems with Exchange Web Services due to the updates that were released in February. The new updates address these problems. Customers who are experiencing issues with the February updates are encouraged to install the March Exchange Server updates listed in the Security Updates table.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-21707 Deserialization of Untrusted Data 12039 12038 11957 11682 Remote Code Execution 12039 Remote Code Execution 12038 Remote Code Execution 11957 Remote Code Execution 11682 Important 12039 Important 12038 Important 11957 Important 11682 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11682 5024296 https://www.microsoft.com/download/details.aspx?familyid=6a698863-565b-4194-9647-07dd169c051f 5023038 12039 Yes Security Update 15.01.2507.023 5024296 https://www.microsoft.com/download/details.aspx?familyid=8d6cc411-a684-4733-8d70-05b19190c7ed 5023038 12038 Yes Security Update 15.02.1118.026 5024296 https://www.microsoft.com/download/details.aspx?familyid=0b09e9ba-6921-4334-866f-19915eb8ec8a 5023038 11957 Yes Security Update 15.02.0986.042 5024296 https://www.microsoft.com/download/details.aspx?familyid=31b4713d-6c52-4ed4-a140-288608a3693d 5023038 11682 Yes Security Update 15.00.1497.048 <a href="https://twitter.com/testanull">Nguyễn Tiến Giang (Jang)</a> with <a href="https://twitter.com/starlabs_sg">STAR Labs SG Pte. Ltd.</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> 2.0 2023-03-09T08:00:00 <p>Updated CVE to announce re-release of security updates. Please see FAQ section for more information.</p> Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an un-authenticated user into attempting to connect to a malicious SQL server database via ODBC. This could result in the database returning malicious data that might cause arbitrary code execution on the client.</p> SQL Server Microsoft Yes CVE-2023-21718 Integer Underflow (Wrap or Wraparound) 11476 11477 11478 11667 11671 11672 11821 11825 12048 12053 12145 12147 12146 11487 11474 11488 11486 Remote Code Execution 11476 Remote Code Execution 11477 Remote Code Execution 11478 Remote Code Execution 11667 Remote Code Execution 11671 Remote Code Execution 11672 Remote Code Execution 11821 Remote Code Execution 11825 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12146 Remote Code Execution 11487 Remote Code Execution 11474 Remote Code Execution 11488 Remote Code Execution 11486 Important 11476 Important 11477 Important 11478 Important 11667 Important 11671 Important 11672 Important 11821 Important 11825 Important 12048 Important 12053 Important 12145 Important 12147 Important 12146 Important 11487 Important 11474 Important 11488 Important 11486 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11476 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11477 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11667 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11671 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11672 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11825 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12146 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11487 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11474 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11488 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11486 5021123 4583465 11476 11477 Maybe Security Update 11.0.7512.11 5021127 https://www.microsoft.com/download/details.aspx?familyid=5521de5b-6966-4a1e-808d-93dd89c2240d 5014354 11478 Maybe Security Update 14.0.2047.8 5021037 https://www.microsoft.com/download/details.aspx?familyid=ae1e0ab6-c49c-4ef2-a142-5cb531ef9235 5014165 11667 11671 Maybe Security Update 12.0.6444.4 5021045 https://www.microsoft.com/download/details.aspx?familyid=d7dcf8ea-7219-48a1-941a-23460d9510df 5014164 11672 11825 Maybe Security Update 12.0.6174.8 5021125 https://www.microsoft.com/download/details.aspx?familyid=9bedde5f-de1f-466b-bb67-d2a2d0dfc279 5014356 11821 Maybe Security Update 15.0.2101.7 5021129 https://www.microsoft.com/download/details.aspx?familyid=64412f99-8d5c-47bd-b89a-445b3fd5ce38 5014355 12048 Maybe Security Update 13.0.6430.49 5021128 https://www.microsoft.com/download/details.aspx?familyid=2b43cc11-e9d6-45ed-974b-ff7efb63699c 5015371 12053 Maybe Security Update 13.0.7024.30 5021126 https://www.microsoft.com/download/details.aspx?familyid=d2c2ddec-ab33-4dc5-b2ef-5a9f49d203c6 5014553 12145 Maybe Security Update 14.0.3460.9 5021522 https://www.microsoft.com/download/details.aspx?familyid=2f9ea572-d508-46b7-864f-882932c1ad37 12147 Maybe Security Update 16.0.1050.5 5021124 https://www.microsoft.com/download/details.aspx?familyid=32db4259-905f-4462-a2de-b0a0c4b5162b 5014353 12146 Maybe Security Update 15.0.4280.7 5021112 4057113 11487 11486 Maybe Security Update 10.50.6785.2 5020863 4057114 11474 11488 Maybe Security Update 10.0.6814.4 Anonymous 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-02-18T08:00:00 <p>Updated the severity of the products in the Security Updates table. This is an informational change only.</p> Microsoft SQL Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5021522</td> <td>Security update for SQL Server 2022 RTM+GDR (Feb 2023)</td> <td>16.0.1000.6</td> <td>N/A</td> </tr> <tr> <td>5021124</td> <td>Security update for SQL Server 2019 CU18+GDR (Feb 2023)</td> <td>15.0.4003.23 - 15.0.4261.1</td> <td>KB 5017593 – SQL2019 RTM CU18</td> </tr> <tr> <td>5021125</td> <td>Security update for SQL Server 2019 RTM+GDR (Feb 2023)</td> <td>15.0.2000.5 - 15.0.2095.3</td> <td>KB 5014356 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5021126</td> <td>Security update for SQL Server 2017 CU31+GDR (Feb 2023)</td> <td>14.0.3006.16 - 14.0.3456.2</td> <td>KB 5016884 – SQL2017 RTM CU31</td> </tr> <tr> <td>5021127</td> <td>Security update for SQL Server 2017 RTM+GDR (Feb 2023)</td> <td>14.0.1000.169 - 14.0.2042.3</td> <td>KB 5014354 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5021128</td> <td>Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023)</td> <td>13.0.7000.253 - 13.0.7016.1</td> <td>KB 5015371 - Previous Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5021129</td> <td>Security update for SQL Server 2016 SP3+GDR (Feb 2023)</td> <td>13.0.6300.2 - 13.0.6419.1</td> <td>KB 5014355 - Previous SQL2016 SP3 GDR</td> </tr> <tr> <td>5021045</td> <td>Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023)</td> <td>12.0.6205.1 - 12.0.6439.10</td> <td>KB 5014164 – SQL2014 SP3 CU4</td> </tr> <tr> <td>5021037</td> <td>Security update for SQL Server 2014 SP3+GDR (Feb 2023)</td> <td>12.0.6024.0 - 12.0.6169.19</td> <td>KB 5014165 - Previous SQL2014 SP3 GDR</td> </tr> <tr> <td>5021123</td> <td>Security update for SQL Server 2012 SP4+GDR (Feb2023)</td> <td>11.0.7001.0 - 11.0.7507.2</td> <td>KB 4583465 - Previous SQL2012 SP4 GDR</td> </tr> <tr> <td>5021112</td> <td>Security update for SQL Server SQL2008R2 SP3+GDR (Feb2023)</td> <td>10.50.6000.34 - 10.50.6560.0</td> <td>KB 4057113 - Previous SQL2008R2 SP3 GDR</td> </tr> <tr> <td>5020863</td> <td>Security update for SQL Server 2008 SP4+GDR (Feb2023)</td> <td>10.00.6000.29 - 10.00.6556.0</td> <td>KB 4057114 - Previous SQL2008 SP4 GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2023-21528 Heap-based Buffer Overflow 12053 11821 12048 11671 11667 11672 11476 11478 11477 11825 12145 12146 11488 11486 11487 11474 12147 Remote Code Execution 12053 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 11671 Remote Code Execution 11667 Remote Code Execution 11672 Remote Code Execution 11476 Remote Code Execution 11478 Remote Code Execution 11477 Remote Code Execution 11825 Remote Code Execution 12145 Remote Code Execution 12146 Remote Code Execution 11488 Remote Code Execution 11486 Remote Code Execution 11487 Remote Code Execution 11474 Remote Code Execution 12147 Important 12053 Important 11821 Important 12048 Important 11671 Important 11667 Important 11672 Important 11476 Important 11478 Important 11477 Important 11825 Important 12145 Important 12146 Important 11488 Important 11486 Important 11487 Important 11474 Important 12147 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11671 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11667 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11672 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11476 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11477 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11825 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12146 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11488 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11486 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11487 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11474 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 5021128 https://www.microsoft.com/download/details.aspx?familyid=2b43cc11-e9d6-45ed-974b-ff7efb63699c 5015371 12053 Maybe Security Update 13.0.7024.30 5021125 https://www.microsoft.com/download/details.aspx?familyid=9bedde5f-de1f-466b-bb67-d2a2d0dfc279 5014356 11821 Maybe Security Update 15.0.2101.7 5021129 https://www.microsoft.com/download/details.aspx?familyid=64412f99-8d5c-47bd-b89a-445b3fd5ce38 5014355 12048 Maybe Security Update 13.0.6430.49 5021037 https://www.microsoft.com/download/details.aspx?familyid=ae1e0ab6-c49c-4ef2-a142-5cb531ef9235 5014165 11671 11667 Maybe Security Update 12.0.6444.4 5021045 https://www.microsoft.com/download/details.aspx?familyid=d7dcf8ea-7219-48a1-941a-23460d9510df 5014164 11672 11825 Maybe Security Update 12.0.6174.8 5021123 4583465 11476 11477 Maybe Security Update 11.0.7512.11 5021127 https://www.microsoft.com/download/details.aspx?familyid=5521de5b-6966-4a1e-808d-93dd89c2240d 5014354 11478 Maybe Security Update 14.0.2047.8 5021126 https://www.microsoft.com/download/details.aspx?familyid=d2c2ddec-ab33-4dc5-b2ef-5a9f49d203c6 5014553 12145 Maybe Security Update 14.0.3460.9 5021124 https://www.microsoft.com/download/details.aspx?familyid=32db4259-905f-4462-a2de-b0a0c4b5162b 5014353 12146 Maybe Security Update 15.0.4280.7 5020863 4057114 11488 11474 Maybe Security Update 10.0.6814.4 5021112 4057113 11486 11487 Maybe Security Update 10.50.6785.2 5021522 https://www.microsoft.com/download/details.aspx?familyid=2f9ea572-d508-46b7-864f-882932c1ad37 12147 Maybe Security Update 16.0.1050.5 Nicolas Joly of MSRC 1.0 2023-02-14T08:00:00 <p>Information published.</p> 2.0 2023-02-16T08:00:00 <p>Updated the Security Updates table to include the Extended Support (ESU) products: Microsoft SQL Server 2008 Service Pack 4, Microsoft SQL Server 2008 R2 Service Pack 3 and Microsoft SQL Server 2012 Service Pack 4.</p> Microsoft Defender for Endpoint Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Windows Defender Attack Surface Reduction blocking feature.</p> <p><strong>How can I check if I'm protected from this vulnerability?</strong></p> <p>This vulnerability existed in the Defender Security Intelligence Updates and not the Malware protection engine. The version of the signatures that addressed the vulnerability is 1.379.200.0 and was updated automatically. Check the current version in <strong>Windows Update history Definition Updates</strong> to see the most recently installed definitions.</p> Microsoft Defender for Endpoint Microsoft Yes CVE-2023-21809 12162 Security Feature Bypass 12162 Important 12162 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12162 Release Notes 12162 No Security Update 1.379.200.0 Tobias Johansson with <a href="https://www.crayon.com/">Crayon</a> Kevin with Crayon 1.1 2023-02-21T08:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Visual Studio Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Visual Studio Microsoft Yes CVE-2023-21566 External Control of File Name or Path 12051 11600 12129 11969 11935 Elevation of Privilege 12051 Elevation of Privilege 11600 Elevation of Privilege 12129 Elevation of Privilege 11969 Elevation of Privilege 11935 Important 12051 Important 11600 Important 12129 Important 11969 Important 11935 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11969 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.13 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.52 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.5 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.19 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.24 <a href="https://twitter.com/filip_dragovic">Filip Dragovic</a> with Infigo IS 1.0 2023-02-14T08:00:00 <p>Information published.</p> Visual Studio Denial of Service Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a local user executes the Visual Studio installer</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could affect the integrity by is replacing one file with another.</p> Visual Studio Microsoft Yes CVE-2023-21567 Improper Link Resolution Before File Access ('Link Following') 12051 11969 11935 11600 12129 Denial of Service 12051 Denial of Service 11969 Denial of Service 11935 Denial of Service 11600 Denial of Service 12129 Important 12051 Important 11969 Important 11935 Important 11600 Important 12129 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C 12051 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C 11969 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C 11935 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C 11600 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C 12129 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.13 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.19 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.24 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.52 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.5 <a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="https://www.iie.ac.cn/">VARAS@IIE</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.</p> SQL Server Microsoft Yes CVE-2023-21568 Deserialization of Untrusted Data 12164 12165 Remote Code Execution 12164 Remote Code Execution 12165 Important 12164 Important 12165 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12164 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12165 Release Notes https://marketplace.visualstudio.com/items?itemName=SSIS.SqlServerIntegrationServicesProjects&ssr=false#overview 12164 Maybe Security Update 16.0.5035.3 Release Notes https://marketplace.visualstudio.com/items?itemName=SSIS.MicrosoftDataToolsIntegrationServices&ssr=false#overview 12165 Maybe Security Update 16.0.5035.3 <a href="https://twitter.com/arudd1ck">Andrew Ruddick</a> with Microsoft Security Response Center 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-02-21T08:00:00 <p>In the Security Updates table, removed the versions of SQL Server that are not affected by this vulnerability, which is in the Microsoft SQL Server Integration Service (VS extension).</p> 1.2 2023-02-23T08:00:00 <p>Added FAQ information. This is an informational change only.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> Microsoft Dynamics Microsoft Yes CVE-2023-21570 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 <a href="https://batr.am/">batram</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> Microsoft Dynamics Microsoft Yes CVE-2023-21571 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 <a href="https://batr.am/">batram</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker cannot fully deny service availability across all infrastructure, hence low effect on availability.</p> Microsoft Dynamics Microsoft Yes CVE-2023-21572 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 11921 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 11664 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 <a href="https://batr.am/">batram</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft Dynamics Microsoft Yes CVE-2023-21573 11921 11664 Spoofing 11921 Spoofing 11664 Important 11921 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11664 5023505 https://www.microsoft.com/en-us/download/details.aspx?id=105002 11921 Maybe Security Update 9.1.16.20 5023506 https://www.microsoft.com/en-us/download/details.aspx?id=105001 11664 Maybe Security Update 9.0.45.11 <a href="https://batr.am/">batram</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is 8.3?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-23374 11815 Remote Code Execution 11815 Moderate 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.3 7.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 110.0.1587.41 Anonymous 1.0 2023-02-09T08:00:00 <p>Information published.</p> Print 3D Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Where do I find the update for Print 3D?</strong></p> <p>Microsoft is not planning on fixing this vulnerability in Print 3D as the app has been deprecated along with Windows 10 version 1903. The deprecation was announced here: <a href="https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features">https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features</a> Microsoft recommends upgrading to the 3D Builder app.</p> 3D Builder Microsoft Yes CVE-2023-23378 Heap-based Buffer Overflow 12151 Remote Code Execution 12151 Important 12151 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C 12151 More Information 12151 Maybe Security Update 3.3.791 Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Defender for IoT Elevation of Privilege Vulnerability <p><strong>What is the action required to take the update?</strong></p> <p>You need to update to the latest Microsoft Defender for IoT software version. See the <strong>Update the software version section</strong> of <a href="https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console#update-the-software-version">Manage the on-premises management console</a>.</p> <p><strong>What is Microsoft Defender for IoT?</strong></p> <p>Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See <a href="https://azure.microsoft.com/en-us/services/azure-defender-for-iot/#overview">Microsoft Defender for IoT</a> for more information.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must be an authenticated user logged in on the targeted <a href="https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console?tabs=windows">Defender for IOT Management Console</a> in order to exploit this vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must authenticate and be assigned the role of a <a href="https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/roles-on-premises#on-premises-user-roles">Security Analyst or Administrator</a> to exploit this vulnerability.</p> Microsoft Defender for IoT Microsoft Yes CVE-2023-23379 Relative Path Traversal 11967 Elevation of Privilege 11967 Important 11967 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11967 Release Notes https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console#update-the-software-version 11967 Maybe Security Update 22.3.6 Yiming Xiang with <a href="https://www.nsfocus.cn/">NSFOCUS TIANJI LAB</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-04-14T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.2 2023-04-18T07:00:00 <p>Added an FAQ and updated the CVSS score. This is an informational change only.</p> Azure Machine Learning Compute Instance Information Disclosure Vulnerability <p><strong>How do I check my Azure Machine Learning Compute Instance runtime version?</strong></p> <p>To determine your runtime version, make a GET compute rest API call for your compute instance, then check the response. You can find the runtime version from field *versions.runtime. *</p> <p>Please view additional details here: <a href="https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/get">https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/get</a></p> <p><strong>How do I update my Azure Machine Learning Compute Instance runtime version?</strong></p> <p>Please reference the guidance provided here: <a href="https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/update">https://learn.microsoft.com/en-us/rest/api/azureml/2023-04-01/compute/update</a></p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker that successfully exploited this vulnerability could recover any data that is put in the system logs on the Compute Instance including cleartext passwords.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must be authenticated and have read privileges to the logs which may contain sensitive information such as cleartext passwords. It does not require admin or other elevated privileges.</p> Azure Machine Learning Microsoft Yes CVE-2023-23382 Storing Passwords in a Recoverable Format 12152 Information Disclosure 12152 Important 12152 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12152 Release Notes https://learn.microsoft.com/en-us/rest/api/azureml/2022-10-01/compute/update?tabs=HTTP 12152 Yes Security Update 3.0.02076.0001 Nitesh Surana (@_niteshsurana) of Project Nebula <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-04-14T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.2 2023-08-22T07:00:00 <p>Corrected one or more links in the FAQ. This is an informational change only.</p> Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability Windows Protected EAP (PEAP) Microsoft Yes CVE-2023-21701 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Tampering Vulnerability <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the user to click on a malicious URL or an embedded link in an email message which could lead to denial of service (DOS) or the Browser to crash.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-21720 Buffer Over-read 11655 Tampering 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.3 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11655 Release Notes 11655 No Security Update 109.0.15.18.78 <a href="https://infosec.exchange/@firstyear">William Brown</a> with <a href="https://www.suse.com/">SUSE</a> 1.0 2023-02-03T08:00:00 <p>Information published.</p> Chromium: CVE-2023-0705 Integer overflow in Core <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0705 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:48 <p>Information published.</p> Chromium: CVE-2023-0704 Insufficient policy enforcement in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0704 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:44 <p>Information published.</p> Chromium: CVE-2023-0703 Type Confusion in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0703 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:40 <p>Information published.</p> Chromium: CVE-2023-0702 Type Confusion in Data Transfer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0702 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:36 <p>Information published.</p> Chromium: CVE-2023-0701 Heap buffer overflow in WebUI <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0701 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:33 <p>Information published.</p> Chromium: CVE-2023-0700 Inappropriate implementation in Download <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0700 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:29 <p>Information published.</p> Chromium: CVE-2023-0699 Use after free in GPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0699 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:25 <p>Information published.</p> Chromium: CVE-2023-0698 Out of bounds read in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0698 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:22 <p>Information published.</p> Chromium: CVE-2023-0697 Inappropriate implementation in Full screen mode <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0697 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:17 <p>Information published.</p> Chromium: CVE-2023-0696 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>110.0.1587.41</td> <td>2/9/2023</td> <td>110.0.5481.78</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-0696 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 110.0.1587.41 1.0 2023-02-09T20:57:13 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Windows ODBC Driver Microsoft Yes CVE-2023-21797 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 Anonymous 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Windows ODBC Driver Microsoft Yes CVE-2023-21798 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 Anonymous 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2023-21799 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 Anonymous 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Installer Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Installer Microsoft Yes CVE-2023-21800 External Control of File Name or Path 9312 10287 9318 9344 10051 10049 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 <a href="https://twitter.com/a_denkiewicz">Adrian Denkiewicz</a> with <a href="https://doyensec.com/">Doyensec</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-21801 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 kap0k 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Media Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2023-21802 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows iSCSI Discovery Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by sending a specially crafted malicious DHCP discovery request to the iSCSI Discovery Service on 32-bit machines. An attacker who successfully exploited the vulnerability could then gain the ability to execute code on the target system.</p> Windows iSCSI Microsoft Yes CVE-2023-21803 Integer Overflow or Wraparound 11568 11801 11929 12099 10729 10852 9312 10287 Remote Code Execution 11568 Remote Code Execution 11801 Remote Code Execution 11929 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10852 Remote Code Execution 9312 Remote Code Execution 10287 Critical 11568 Critical 11801 Critical 11929 Critical 12099 Critical 10729 Critical 10852 Critical 9312 Critical 10287 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11929 12099 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 Yes Security Update 10.0.19044.2604 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> may be helpful in your situation:</p> <p>By default the iSCSI Initiator client application is disabled, in this state an attacker cannot exploit this vulnerability. For a system to be vulnerable, the iSCSI Initiator client application would need to be enabled.</p> <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</p> <p>Only x86 or 32-bit based versions of Windows are affected by this vulnerability.</p> <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2023-21804 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</p> <p>Only Windows computers that have the XPS document writer feature installed are vulnerable to this exploit. On Windows 10 the XPS Document Writer is installed by default. The XPS Document Writer feature is not installed by default on Windows 11.</p> lm0963 with From TianGong Team of Legendsec at Qi&#39;anxin Group 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows MSHTML Platform Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows MSHTML Platform Microsoft Yes CVE-2023-21805 Improper Neutralization of Special Elements used in a Command ('Command Injection') 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022835 5019958 9312 10287 9318 9344 10051 10049 10378 10379 Yes IE Cumulative 1.1.0.0 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 5022835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022835 5019958 10483 10543 IE Cumulative 6.3.9600.20818 Eduardo Braun Prado working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.1 2023-03-02T08:00:00 <p>Updated links to security updates. This is an informational change only.</p> 1.0 2023-02-14T08:00:00 <p>Information published.</p> .NET and Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metrics, there are multiple scores. Why does the CVE have different scores and different severities for different products?</strong></p> <p>There are different scores depending on the product due to the way symbols are read and parsed. Visual Studio has the ability to automatically query symbol servers while .NET only uses symbols present on the disk, requiring the user to manually query the symbol.</p> .NET and Visual Studio Microsoft Yes CVE-2023-21808 Use After Free 11935 11969 11600 12129 12051 10577 10566 12130 12009 11970 11676-11568 11676-11923 11676-11572 11676-11802 11676-11801 11676-11926 11676-11930 11676-11927 11676-11931 11676-11929 11677-11568 11677-11570 11677-11569 11677-11571 11677-11572 11863-10049 11863-10379 11863-10378 11650-10543 11650-10051 11676-11924 11863-10543 11863-10483 11650-10483 11863-10051 11650-10379 12079-11924 12079-11923 12079-11801 12079-11802 12079-11926 12079-11929 12079-11927 12079-11930 12079-11931 12079-12085 12079-12086 12079-12098 12079-12099 12115-9312 12115-10287 12115-9318 12115-9344 12128-10729 12128-10735 11650-10049 11676-11571 11676-11569 11650-10378 11677-10855 11676-10852 12079-12097 11676-12097 11677-10853 11676-12098 11676-10853 11676-10816 11677-10852 11676-10855 11677-10816 11676-12099 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 11600 Remote Code Execution 12129 Remote Code Execution 12051 Remote Code Execution 10577 Remote Code Execution 10566 Remote Code Execution 12130 Remote Code Execution 12009 Remote Code Execution 11970 Remote Code Execution 11676-11568 Remote Code Execution 11676-11923 Remote Code Execution 11676-11572 Remote Code Execution 11676-11802 Remote Code Execution 11676-11801 Remote Code Execution 11676-11926 Remote Code Execution 11676-11930 Remote Code Execution 11676-11927 Remote Code Execution 11676-11931 Remote Code Execution 11676-11929 Remote Code Execution 11677-11568 Remote Code Execution 11677-11570 Remote Code Execution 11677-11569 Remote Code Execution 11677-11571 Remote Code Execution 11677-11572 Remote Code Execution 11863-10049 Remote Code Execution 11863-10379 Remote Code Execution 11863-10378 Remote Code Execution 11650-10543 Remote Code Execution 11650-10051 Remote Code Execution 11676-11924 Remote Code Execution 11863-10543 Remote Code Execution 11863-10483 Remote Code Execution 11650-10483 Remote Code Execution 11863-10051 Remote Code Execution 11650-10379 Remote Code Execution 12079-11924 Remote Code Execution 12079-11923 Remote Code Execution 12079-11801 Remote Code Execution 12079-11802 Remote Code Execution 12079-11926 Remote Code Execution 12079-11929 Remote Code Execution 12079-11927 Remote Code Execution 12079-11930 Remote Code Execution 12079-11931 Remote Code Execution 12079-12085 Remote Code Execution 12079-12086 Remote Code Execution 12079-12098 Remote Code Execution 12079-12099 Remote Code Execution 12115-9312 Remote Code Execution 12115-10287 Remote Code Execution 12115-9318 Remote Code Execution 12115-9344 Remote Code Execution 12128-10729 Remote Code Execution 12128-10735 Remote Code Execution 11650-10049 Remote Code Execution 11676-11571 Remote Code Execution 11676-11569 Remote Code Execution 11650-10378 Remote Code Execution 11677-10855 Remote Code Execution 11676-10852 Remote Code Execution 12079-12097 Remote Code Execution 11676-12097 Remote Code Execution 11677-10853 Remote Code Execution 11676-12098 Remote Code Execution 11676-10853 Remote Code Execution 11676-10816 Remote Code Execution 11677-10852 Remote Code Execution 11676-10855 Remote Code Execution 11677-10816 Remote Code Execution 11676-12099 Critical 11935 Critical 11969 Critical 11600 Critical 12129 Critical 12051 Critical 10577 Critical 10566 Critical 12130 Critical 12009 Important 11970 Important 11676-11568 Important 11676-11923 Important 11676-11572 Important 11676-11802 Important 11676-11801 Important 11676-11926 Important 11676-11930 Important 11676-11927 Important 11676-11931 Important 11676-11929 Important 11677-11568 Important 11677-11570 Important 11677-11569 Important 11677-11571 Important 11677-11572 Important 11863-10049 Important 11863-10379 Important 11863-10378 Important 11650-10543 Important 11650-10051 Important 11676-11924 Important 11863-10543 Important 11863-10483 Important 11650-10483 Important 11863-10051 Important 11650-10379 Important 12079-11924 Important 12079-11923 Important 12079-11801 Important 12079-11802 Important 12079-11926 Important 12079-11929 Important 12079-11927 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12098 Important 12079-12099 Important 12115-9312 Important 12115-10287 Important 12115-9318 Important 12115-9344 Important 12128-10729 Important 12128-10735 Important 11650-10049 Important 11676-11571 Important 11676-11569 Important 11650-10378 Important 11677-10855 Important 11676-10852 Important 12079-12097 Important 11676-12097 Important 11677-10853 Important 11676-12098 Important 11676-10853 Important 11676-10816 Important 11677-10852 Important 11676-10855 Important 11677-10816 Important 11676-12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11969 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10566 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12130 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12009 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11970 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12128-10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.24 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.19 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.52 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.5 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.13 5025792 https://aka.ms/vs/14/release/5025792 10577 Maybe Security Update 14.0.27555.0 5026610 https://aka.ms/vs/12/release/5026610 10566 Maybe Security Update 12.0.40700.0 5023286 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.3 5023288 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.14 Release Notes https://github.com/PowerShell/Announcements/issues/38 11970 Maybe Security Update 7.2.10 5022782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022504 5018542, 5021085 11676-11568 11676-11572 11676-11571 11676-11569 Maybe Security Update 10.0.04614.06 5022782 https://support.microsoft.com/help/5022782 11676-11568 11676-11572 11677-11568 11677-11570 11677-11569 11677-11571 11677-11572 11676-11571 11676-11569 5022735 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022507 5018551, 5021095 11676-11923 11676-11924 Maybe Security Update 10.0.04614.06 5022735 https://support.microsoft.com/help/5022735 11676-11923 11676-11924 12079-11924 12079-11923 5022727 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022502 5018543, 5021086, 5022474 11676-11802 11676-11801 Maybe Security Update 10.0.04614.06 5022727 https://support.microsoft.com/help/5022727 11676-11802 11676-11801 12079-11801 12079-11802 5022730 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022505 5018546, 5021090, 5022479 11676-11926 11676-11927 Maybe Security Update 10.0.4614.06 5022730 https://support.microsoft.com/help/5022730 11676-11926 11676-11927 12079-11926 12079-11927 5022728 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022502 5018545, 5021088, 5022476 11676-11930 11676-11929 Maybe Security Update 10.0.04614.06 5022728 https://support.microsoft.com/help/5022728 11676-11930 11676-11931 11676-11929 12079-11929 12079-11930 12079-11931 5022728 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022502 5018545, 5021088, 5022476 11676-11931 Maybe Monthly Rollup 10.0.04614.06 5022782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022511 5018542, 5021085 11677-11568 11677-11570 11677-11569 11677-11571 11677-11572 Maybe Security Update 10.0.04038.03 5022731 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022515 5018547, 5021091 11863-10049 11863-10051 Maybe Monthly Rollup 4.7.04614.08 5022731 https://support.microsoft.com/help/5022731 11863-10049 11650-10051 11863-10051 11650-10049 5022783 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022526 11863-10049 11863-10051 Maybe Security Only 4.7.04038.05 5022783 https://support.microsoft.com/help/5022783 11863-10049 11650-10051 11863-10051 11650-10049 5022732 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022512 5018548, 5021092 11863-10379 11863-10378 Maybe Monthly Rollup 4.7.04038.03 5022732 https://support.microsoft.com/help/5022732 11863-10379 11863-10378 11650-10379 11650-10378 5022784 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022522 11863-10379 11863-10378 Maybe Security Only 4.7.04038.02 5022784 https://support.microsoft.com/help/5022784 11863-10379 11863-10378 11650-10379 11650-10378 5022733 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022508 5018549, 5021093 11650-10543 11650-10483 Maybe Monthly Rollup 4.8.04614.05 5022733 https://support.microsoft.com/help/5022733 11650-10543 11863-10543 11863-10483 11650-10483 5022785 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022516 11650-10543 11650-10483 Maybe Security Only 4.8.04614.03 5022785 https://support.microsoft.com/help/5022785 11650-10543 11863-10543 11863-10483 11650-10483 5022731 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022509 5018547, 5021091 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.4614.08 5022783 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022520 11650-10051 11650-10049 Maybe Security Only 4.8.4614.07 5022733 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022513 5018549, 5021093 11863-10543 11863-10483 Maybe Monthly Rollup 4.7.04038.03 5022785 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022524 11863-10543 11863-10483 Maybe Security Only 4.7.04038.02 5022732 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022506 5018548, 5021092 11650-10379 11650-10378 Maybe Monthly Rollup 4.8.04614.05 5022784 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022514 11650-10379 11650-10378 Maybe Security Only 4.8.04614.03 5022735 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022501 5018551, 5021095 12079-11924 12079-11923 Maybe Security Update 10.0.09139.02 5022727 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022498 5018543, 5021086, 5022474 12079-11801 12079-11802 Maybe Security Update 10.0.09139.02 5022730 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022499 5018546, 5021090, 5022479 12079-11926 12079-11927 Maybe Security Update 10.0.09139.02 5022728 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022498 5018545, 5021088, 5022476 12079-11929 12079-11930 12079-11931 Maybe Security Update 10.0.09139.02 5022729 https://support.microsoft.com/help/5022729 11676-11930 11676-11931 11676-11929 12079-11929 12079-11930 12079-11931 5022497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022497 5020880, 5022404 12079-12085 12079-12086 Maybe Security Update 10.0.09139.02 5022497 https://support.microsoft.com/help/5022497 12079-12085 12079-12086 5022729 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022498 5017888, 5021089, 5022478 12079-12098 12079-12099 12079-12097 Maybe Security Update 10.0.09139.02 5022734 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022515 5018550, 5021094 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04038.06 5022734 https://support.microsoft.com/help/5022734 12115-9312 12115-10287 12115-9318 12115-9344 5022786 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022526 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Security Only 4.7.4038.05 5022786 https://support.microsoft.com/help/5022786 12115-9312 12115-10287 12115-9318 12115-9344 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 12128-10729 12128-10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 11677-10855 11677-10853 11677-10852 11677-10816 Yes Security Update 10.0.14393.5717 5022503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022503 5018515, 5020873 11676-10852 11676-10853 11676-10816 11676-10855 Maybe Security Update 10.0.04614.05 5022503 https://support.microsoft.com/help/5022503 11676-10852 11676-10853 11676-10816 11676-10855 5022729 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022502 5017888, 5021089, 5022478 11676-12097 11676-12098 11676-12099 Maybe Security Update 10.0.04614.06 goodbyeselene goodbyeselene 1.0 2023-02-14T08:00:00 <p>Information published.</p> 2.0 2023-02-24T08:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/38">https://github.com/PowerShell/Announcements/issues/38</a> for more information.</p> 3.0 2023-03-29T07:00:00 <p>Microsoft has rereleased KB5022498 to address a known issue where customers who installed the .NET Framework 4.8 February cumulative update (KB5022502), then updgraded to .NET Framework 4.8.1 and subsequently scanned for updates were unable to install KB5022498. Customers who were unable to install KB5022498 should rescan for updates and install the update. Customers who have already successfully installed KB5022498 do not need to take any further action.</p> 4.0 2023-06-13T07:00:00 <p>In the Security Updates table, added Visual Studio 2013 Update 5 and Visual Studio 2015 Update 3 as they are affected by this vulnerability. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability.</p> 5.0 2023-06-30T07:00:00 <p>To address a known issue when after installing the February 14, 2023, security updates for .NET Framework and .NET, users may have experienced issues with how WPF-based applications render XPS documents, Microsoft has released the June 2023 security updates for .NET Framework and for .NET. We recommend that customers install the June 2023 updates. Please note that if you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. To remove either of the workarounds see the instructions for removal in the &quot;Alternative Workaround&quot; section of <a href="https://support.microsoft.com/en-us/topic/kb5022083-change-in-how-wpf-based-applications-render-xps-documents-a4ae4fa4-bc58-4c37-acdd-5eebc4e34556">KB5022083 Change in how WPF-based applications render XPS documents</a>.</p> Windows iSCSI Service Denial of Service Vulnerability Windows iSCSI Microsoft Yes CVE-2023-21811 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2023-21812 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 4nyL1nK 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Secure Channel Denial of Service Vulnerability Windows Cryptographic Services Microsoft Yes CVE-2023-21813 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://www.youtube.com/watch?v=0AhPC_dHkHo">Polar Bear</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Visual Studio Microsoft Yes CVE-2023-21815 Integer Underflow (Wrap or Wraparound) 11600 12051 11935 11969 10566 10577 12129 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 10566 Remote Code Execution 10577 Remote Code Execution 12129 Critical 11600 Critical 12051 Critical 11935 Critical 11969 Critical 10566 Critical 10577 Critical 12129 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11969 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10566 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.52 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.13 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.24 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.19 5026610 https://aka.ms/vs/12/release/5026610 10566 Maybe Security Update 12.0.40700.0 5025792 https://aka.ms/vs/14/release/5025792 10577 Maybe Security Update 14.0.27555.0 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.5 goodbyeselene 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-03-23T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 2.0 2023-06-13T07:00:00 <p>In the Security Updates table, added Visual Studio 2013 Update 5 and Visual Studio 2015 Update 3 as they are affected by this vulnerability. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability.</p> Windows Active Directory Domain Services API Denial of Service Vulnerability Windows Active Directory Microsoft Yes CVE-2023-21816 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Kerberos Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kerberos Microsoft Yes CVE-2023-21817 Improper Authentication 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://twitter.com/monoxgas">Nick Landers</a> with NetSPI 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Secure Channel Denial of Service Vulnerability Windows SChannel Microsoft Yes CVE-2023-21818 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 Jason Fisher <a href="https://www.youtube.com/watch?v=0AhPC_dHkHo">Polar Bear</a> Andrei Popov 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Secure Channel Denial of Service Vulnerability Windows Cryptographic Services Microsoft Yes CVE-2023-21819 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12097 12098 12099 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 <a href="https://www.youtube.com/watch?v=0AhPC_dHkHo">Polar Bear</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Distributed File System (DFS) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability could be triggered when a windows client connects to a malicious remote share.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Distributed File System (DFS) Microsoft Yes CVE-2023-21820 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.4 6.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 HuanGMz 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-21822 Use After Free 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p><strong>How do I get the update for a Windows App?</strong></p> <p>The Microsoft Store will automatically update affected customers.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p> <p><strong>How do I get the update for Office for IOS?</strong></p> <ol> <li>Tap the Settings Icon</li> <li>Tap the iTunes &amp; App Store</li> <li>Turn on AUTOMATIC DOWNLOADS for Apps</li> </ol> <p><strong>Alternatively</strong></p> <ol> <li>Tap the App Store Icon</li> <li>Scroll down to find Microsoft Office</li> <li>Tap the Update button</li> </ol> <p><strong>How do I get the update for Office for Android?</strong></p> <p>Please reference <a href="https://support.google.com/googleplay/answer/113412?hl=en">How to update the Play Store &amp; apps on Android - Google Play Help</a> for guidance.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Graphics Component Microsoft Yes CVE-2023-21823 Integer Overflow or Wraparound 12155 12156 12163 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 12155 Remote Code Execution 12156 Remote Code Execution 12163 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 12155 Important 12156 Important 12163 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.3 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 12155 7.3 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 12156 7.3 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 12163 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11568 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11569 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11570 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11571 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11572 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11923 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11924 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11801 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11802 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11926 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11927 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11929 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11930 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 11931 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 12085 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 12086 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 12097 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 12098 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 12099 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10729 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10735 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10852 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10853 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10816 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10855 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 9312 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10287 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 9318 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 9344 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10051 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10049 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10378 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10379 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10483 7.8 7.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C 10543 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.16130.20156 Release Notes https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Maybe Security Update 16.0.14326.21330 Release Notes https://apps.apple.com/us/app/microsoft-365-office/id541164041 12163 Maybe Security Update 2.70.23021003 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 Genwei Jiang and Dhanesh Kizhakkinan of Mandiant Dhanesh Kizhakkinan with Mandiant 1.1 2023-02-17T08:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2023-21685 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2023-21686 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 1.0 2023-02-14T08:00:00 <p>Information published.</p> HTTP.sys Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows HTTP.sys Microsoft Yes CVE-2023-21687 Out-of-bounds Read 11923 11924 11926 11927 12085 12086 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 12085 Information Disclosure 12086 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> NT OS Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows ALPC Microsoft Yes CVE-2023-21688 Use After Free 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://twitter.com/hexnomad">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect Software</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N), privilege required is none (PR:N), and user interaction is none (UI:N). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution and attempt to trigger malicious code in the context of the server's account through a network call. The attacker needs no privileges nor does the user need to perform any action.</p> Windows Protected EAP (PEAP) Microsoft Yes CVE-2023-21689 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <p>Microsoft Protected Extensible Authentication Protocol (PEAP) is only negotiated with the client if NPS is running on the Windows Server and has a network policy configured that allows PEAP. To stop using PEAP, customers should ensure that PEAP Type is not configured as an allowed EAP type in their network policy. To learn more, please see<a href="https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/wireless/e-wireless-access-deployment#bkmk_configureprofile"> Configure the New Wireless Network Policy</a> and <a href="https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-configure">Configure Network Policies</a></p> <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.</p> Windows Protected EAP (PEAP) Microsoft Yes CVE-2023-21690 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <p>Microsoft Protected Extensible Authentication Protocol (PEAP) is only negotiated with the client if NPS is running on the Windows Server and has a network policy configured that allows PEAP. To stop using PEAP, customers should ensure that PEAP Type is not configured as an allowed EAP type in their network policy. To learn more, please see<a href="https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/wireless/e-wireless-access-deployment#bkmk_configureprofile"> Configure the New Wireless Network Policy</a> and <a href="https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-configure">Configure Network Policies</a></p> <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.</p> Windows Protected EAP (PEAP) Microsoft Yes CVE-2023-21691 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.</p> Windows Protected EAP (PEAP) Microsoft Yes CVE-2023-21692 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11801 Critical 11802 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <p>Microsoft Protected Extensible Authentication Protocol (PEAP) is only negotiated with the client if NPS is running on the Windows Server and has a network policy configured that allows PEAP. To stop using PEAP, customers should ensure that PEAP Type is not configured as an allowed EAP type in their network policy. To learn more, please see<a href="https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/wireless/e-wireless-access-deployment#bkmk_configureprofile"> Configure the New Wireless Network Policy</a> and <a href="https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-configure">Configure Network Policies</a></p> <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An authenticated user needs to interact with a malicious printer.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Microsoft PostScript Printer Driver Microsoft Yes CVE-2023-21693 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11568 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11569 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11570 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11923 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11924 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11801 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11802 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11926 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11927 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11929 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11930 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11931 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12085 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12086 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12097 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12098 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12099 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10729 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10735 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10852 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10853 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9312 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10287 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9318 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9344 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10051 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10049 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10378 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10379 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10483 5.7 5.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://twitter.com/edwardzpeng">Zhiniang Peng (@edwardzpeng) &amp; Zesen Ye (@wh1tc)</a> with <a href="https://www.sangfor.com/en">Sangfor</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Fax Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.</p> Windows Fax and Scan Service Microsoft Yes CVE-2023-21694 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 lm0963 with From TianGong Team of Legendsec at Qi&#39;anxin Group 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.</p> Windows Protected EAP (PEAP) Microsoft Yes CVE-2023-21695 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11801 Remote Code Execution 11802 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> Internet Storage Name Service Microsoft Yes CVE-2023-21697 Buffer Over-read 11568 11569 11570 11571 11572 11801 11802 11929 11930 11931 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11801 Important 11802 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11801 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11802 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory.</p> Internet Storage Name Service Microsoft Yes CVE-2023-21699 Out-of-bounds Read 11568 11569 11570 11571 11572 11801 11802 11929 11930 11931 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11801 Information Disclosure 11802 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11801 Important 11802 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11570 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11801 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11802 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9312 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10287 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9318 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 9344 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10051 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10049 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10378 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10379 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10483 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows iSCSI Discovery Service Denial of Service Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker could impact availability of the service resulting in Denial of Service (DoS).</p> Windows iSCSI Microsoft Yes CVE-2023-21700 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows iSCSI Service Denial of Service Vulnerability Windows iSCSI Microsoft Yes CVE-2023-21702 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11801 Denial of Service 11802 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11801 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11802 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> liubenjin with Codesafe Team of Legendsec at Qi&#39;anxin Group 1.0 2023-02-14T08:00:00 <p>Information published.</p> Azure Data Box Gateway Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What privileges are needed by the attacker and how are they used in the context of the remote code execution?</strong></p> <p>To successfully exploit this vulnerability, the attacker must have EdgeUser access.</p> <p>The EdgeUser is the core user used to perform management operations on the DBG device. They can perform actions like modifying network settings, configuring web proxy, configure cloud connectivity, shutdown/restart the appliance and trigger DBG updates via side-load mechanism and even factory reset the appliance (factory reset is an operation which wipes existing data and brings the appliance to a factory default state).</p> Azure Data Box Gateway Microsoft Yes CVE-2023-21703 Deserialization of Untrusted Data 12144 12093 Remote Code Execution 12144 Remote Code Execution 12093 Important 12144 Important 12093 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12144 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12093 Release Notes https://www.microsoft.com/downloads/details.aspx?familyid=https://learn.microsoft.com/en-us/azure-stack/user/vm-update-management?view=azs-2206&tabs=az 12144 Maybe Security Update 1.6.2225.773 Release Notes https://learn.microsoft.com/en-us/azure/databox-online/azure-stack-edge-deploy-connect-setup-activate 12093 Maybe Update Guidance 1.6.2225.773 Release Notes https://learn.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-install-update?tabs=version-2106-and-later 12093 Maybe Download Guidance 2.2.2162.730 Wudan 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Exchange Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N), privileges required is high (PR:H) and the user interaction is none (UI:N). How could an attacker exploit this vulnerability?</strong></p> <p>The attacker who successfully exploited this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated admin, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> Microsoft Exchange Server Microsoft Yes CVE-2023-21710 Deserialization of Untrusted Data 12039 11957 12038 Remote Code Execution 12039 Remote Code Execution 11957 Remote Code Execution 12038 Important 12039 Important 11957 Important 12038 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11957 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12038 5023038 https://www.microsoft.com/download/details.aspx?familyid=30d02c29-3f58-48b5-8dc6-6b54af690732 5019758 12039 Yes Security Update 15.01.2507.021 5023038 https://support.microsoft.com/help/5023038 12039 11957 12038 5023038 https://www.microsoft.com/download/details.aspx?familyid=80de331a-fc22-450e-b951-cc3f933897e4 5019758 11957 Yes Security Update 15.02.0986.041 5023038 https://www.microsoft.com/download/details.aspx?familyid=68684ee7-ed06-4819-92d4-33b46eb56093 5019758 12038 Yes Security Update 15.02.1118.025 <a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft SQL Server Remote Code Execution Vulnerability <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5021522</td> <td>Security update for SQL Server 2022 RTM+GDR (Feb 2023)</td> <td>16.0.1000.6</td> <td>N/A</td> </tr> <tr> <td>5021124</td> <td>Security update for SQL Server 2019 CU18+GDR (Feb 2023)</td> <td>15.0.4003.23 - 15.0.4261.1</td> <td>KB 5017593 – SQL2019 RTM CU18</td> </tr> <tr> <td>5021125</td> <td>Security update for SQL Server 2019 RTM+GDR (Feb 2023)</td> <td>15.0.2000.5 - 15.0.2095.3</td> <td>KB 5014356 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5021126</td> <td>Security update for SQL Server 2017 CU31+GDR (Feb 2023)</td> <td>14.0.3006.16 - 14.0.3456.2</td> <td>KB 5016884 – SQL2017 RTM CU31</td> </tr> <tr> <td>5021127</td> <td>Security update for SQL Server 2017 RTM+GDR (Feb 2023)</td> <td>14.0.1000.169 - 14.0.2042.3</td> <td>KB 5014354 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5021128</td> <td>Security update for SQL Server 2016 SP3 Azure Connect Feature Pack+GDR (Feb 2023)</td> <td>13.0.7000.253 - 13.0.7016.1</td> <td>KB 5015371 - Previous Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5021129</td> <td>Security update for SQL Server 2016 SP3+GDR (Feb 2023)</td> <td>13.0.6300.2 - 13.0.6419.1</td> <td>KB 5014355 - Previous SQL2016 SP3 GDR</td> </tr> <tr> <td>5021045</td> <td>Security update for SQL Server 2014 SP3 CU4+GDR (Feb 2023)</td> <td>12.0.6205.1 - 12.0.6439.10</td> <td>KB 5014164 – SQL2014 SP3 CU4</td> </tr> <tr> <td>5021037</td> <td>Security update for SQL Server 2014 SP3+GDR (Feb 2023)</td> <td>12.0.6024.0 - 12.0.6169.19</td> <td>KB 5014165 - Previous SQL2014 SP3 GDR</td> </tr> <tr> <td>5021123</td> <td>Security update for SQL Server 2012 SP4+GDR (Feb2023)</td> <td>11.0.7001.0 - 11.0.7507.2</td> <td>KB 4583465 - Previous SQL2012 SP4 GDR</td> </tr> <tr> <td>5021112</td> <td>Security update for SQL Server SQL2008R2 SP3+GDR (Feb2023)</td> <td>10.50.6000.34 - 10.50.6560.0</td> <td>KB 4057113 - Previous SQL2008R2 SP3 GDR</td> </tr> <tr> <td>5020863</td> <td>Security update for SQL Server 2008 SP4+GDR (Feb2023)</td> <td>10.00.6000.29 - 10.00.6556.0</td> <td>KB 4057114 - Previous SQL2008 SP4 GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p>The privilege requirement is low because the attacker needs to be authenticated as a normal user.</p> SQL Server Microsoft Yes CVE-2023-21713 Deserialization of Untrusted Data 12053 11672 11671 11821 12048 11667 11476 11477 11478 11825 12146 12145 12147 Remote Code Execution 12053 Remote Code Execution 11672 Remote Code Execution 11671 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 11667 Remote Code Execution 11476 Remote Code Execution 11477 Remote Code Execution 11478 Remote Code Execution 11825 Remote Code Execution 12146 Remote Code Execution 12145 Remote Code Execution 12147 Important 12053 Important 11672 Important 11671 Important 11821 Important 12048 Important 11667 Important 11476 Important 11477 Important 11478 Important 11825 Important 12146 Important 12145 Important 12147 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11672 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11671 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11667 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11476 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11477 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11825 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12146 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 5021128 https://www.microsoft.com/download/details.aspx?familyid=2b43cc11-e9d6-45ed-974b-ff7efb63699c 5015371 12053 Maybe Security Update 13.0.7024.30 5021045 https://www.microsoft.com/download/details.aspx?familyid=d7dcf8ea-7219-48a1-941a-23460d9510df 5014164 11672 11825 Maybe Security Update 12.0.6174.8 5021037 https://www.microsoft.com/download/details.aspx?familyid=ae1e0ab6-c49c-4ef2-a142-5cb531ef9235 5014165 11671 11667 Maybe Security Update 12.0.6444.4 5021125 https://www.microsoft.com/download/details.aspx?familyid=9bedde5f-de1f-466b-bb67-d2a2d0dfc279 5014356 11821 Maybe Security Update 15.0.2101.7 5021129 https://www.microsoft.com/download/details.aspx?familyid=64412f99-8d5c-47bd-b89a-445b3fd5ce38 5014355 12048 Maybe Security Update 13.0.6430.49 5021123 4583465 11476 11477 Maybe Security Update 11.0.7512.11 5021127 https://www.microsoft.com/download/details.aspx?familyid=5521de5b-6966-4a1e-808d-93dd89c2240d 5014354 11478 Maybe Security Update 14.0.2047.8 5021124 https://www.microsoft.com/download/details.aspx?familyid=32db4259-905f-4462-a2de-b0a0c4b5162b 5014353 12146 Maybe Security Update 15.0.4280.7 5021126 https://www.microsoft.com/download/details.aspx?familyid=d2c2ddec-ab33-4dc5-b2ef-5a9f49d203c6 5014553 12145 Maybe Security Update 14.0.3460.9 5021522 https://www.microsoft.com/download/details.aspx?familyid=2f9ea572-d508-46b7-864f-882932c1ad37 12147 Maybe Security Update 16.0.1050.5 <p>SQL <a href="https://learn.microsoft.com/en-us/sql/data-quality-services/data-quality-client-application?view=sql-server-ver16">Data Quality Services</a> enables you to build a knowledge base and use it to perform a variety of critical data quality tasks. The vulnerability is only exploitable if this optional feature is enabled and running on an SQL instance. Additionally, the feature is not available in Azure SQL instances.</p> <a href="https://twitter.com/arudd1ck">Andrew Ruddick</a> with Microsoft Security Response Center 2.0 2023-02-16T08:00:00 <p>Updated the Security Updates table to include the Extended Support (ESU) products: Microsoft SQL Server 2012 Service Pack 4.</p> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Office Information Disclosure Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Microsoft Office Microsoft Yes CVE-2023-21714 Out-of-bounds Read 11762 11763 11952 11953 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11952 Information Disclosure 11953 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 Click to Run 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases willJ of vulnerability research institute 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft Publisher Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L), privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?</strong></p> <p>The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a local attack potentially enabling access to the victim user's information, the ability to alter information, or the ability to cause downtime to the target environment.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files.</p> Microsoft Office Publisher Microsoft Yes CVE-2023-21715 11763 11762 Security Feature Bypass 11763 Security Feature Bypass 11762 Important 11763 Important 11762 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 Click to Run 11763 11762 No Security Update https://aka.ms/OfficeSecurityReleases Hidetake Jo, Rick Cole, Charlie Hurel, and Matthew Mesa Haifei Li with <a href="https://expmon.com/">EXPMON</a> 1.3 2023-04-14T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-02-15T08:00:00 <p>Acknowledgement added. This is an informational change only.</p> 1.2 2023-02-21T08:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Microsoft Word Remote Code Execution Vulnerability <p><strong>What is the attack vector for this vulnerability?</strong></p> <p>An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install all the updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?</strong></p> <p>No. Customers running SharePoint Enterprise Server 2013 Service Pack 1 should install either of the following:</p> <ul> <li>Cumulative update (ubersrv13). Note that this update also includes the *srvloc2013 update</li> <li>Both of the security updates (sts2013 AND *loc2013), which are the same updates as for Foundation Server 2013</li> </ul> <p>Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.</p> <p><strong>I am running SharePoint Foundation 2013 Service Pack 1. Do I need to install all the updates that are listed for SharePoint Foundation 2013 Service Pack 1 ?</strong></p> <p>Yes, customers running SharePoint Foundation 2013 Service Pack 1 should install both of the security updates. The updates can be installed in any order.</p> Microsoft Office Word Microsoft Yes CVE-2023-21716 Integer Overflow or Wraparound 11951 11953 11961 11952 11762 11972 11605 11575 11763 11574 10950 11099 11585 10747 10746 11573 10611 10612 10604 10606 10605 Remote Code Execution 11951 Remote Code Execution 11953 Remote Code Execution 11961 Remote Code Execution 11952 Remote Code Execution 11762 Remote Code Execution 11972 Remote Code Execution 11605 Remote Code Execution 11575 Remote Code Execution 11763 Remote Code Execution 11574 Remote Code Execution 10950 Remote Code Execution 11099 Remote Code Execution 11585 Remote Code Execution 10747 Remote Code Execution 10746 Remote Code Execution 11573 Remote Code Execution 10611 Remote Code Execution 10612 Remote Code Execution 10604 Remote Code Execution 10606 Remote Code Execution 10605 Critical 11951 Critical 11953 Critical 11961 Critical 11952 Critical 11762 Critical 11972 Critical 11605 Critical 11575 Critical 11763 Critical 11574 Critical 10950 Critical 11099 Critical 11585 Critical 10747 Critical 10746 Critical 11573 Critical 10611 Critical 10612 Critical 10604 Critical 10606 Critical 10605 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11972 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11605 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10611 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10612 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10604 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10606 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10605 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 11575 Maybe Security Update 16.70.23021201 Click to Run 11953 11952 11762 11763 11574 11573 No Security Update https://aka.ms/OfficeSecurityReleases 5002353 https://www.microsoft.com/download/details.aspx?familyid=90406070-0c55-4dd4-bf7c-61a3523ed220 5002331 11961 Maybe Security Update 16.0.15601.20478 5002352 https://www.microsoft.com/download/details.aspx?familyid=0a2caffa-58d4-45b7-bce7-1d2de1cb09d7 5002291 11961 11972 Maybe Security Update 16.0.15601.20478 5002309 https://www.microsoft.com/download/details.aspx?familyid=7fb06917-0c3f-457b-b56c-97d9e6fbf0d8 5002276 11605 Maybe Security Update 16.0.10395.20001 5002325 https://www.microsoft.com/download/details.aspx?familyid=fc35bf36-03cc-4441-9f38-dcdde9755a51 5002289 10950 Maybe Security Update 16.0.5383.1000 5002346 https://www.microsoft.com/download/details.aspx?familyid=75ca0d88-aad3-4a05-8d05-3d00d5cf048b 11099 Maybe Cumulative Update 15.0.5529.1000 5002347 https://www.microsoft.com/download/details.aspx?familyid=7d0f3c40-8269-4ed6-967b-2b1eb06f7dee 5002336 11099 10612 Maybe Security Update 15.0.5529.1000 5002312 https://www.microsoft.com/download/details.aspx?familyid=ee2b8387-411a-4329-9018-60ba1b61302d 5002235 11099 10612 Maybe Security Update 15.0.5529.1000 5002342 https://www.microsoft.com/download/details.aspx?familyid=e6d1379c-3d38-45c6-8b2d-28f1c9dbebcd 5002329 11585 Maybe Security Update 16.0.10395.20001 5002330 https://www.microsoft.com/download/details.aspx?familyid=3e88ed98-7ca7-4164-9cc8-56f80eb8caad 5002295 11585 Maybe Security Update 16.0.10395.20001 5002323 https://www.microsoft.com/download/details.aspx?familyid=c1e7e62f-6348-4d1b-ba92-ced7a2da1e8d 5002223 10747 Maybe Security Update 16.0.5383.1000 5002323 https://www.microsoft.com/download/details.aspx?familyid=ce73ac0a-3564-4fc7-8a29-53a3e6d1c03a 5002223 10746 Maybe Security Update 16.0.5383.1000 5002313 https://www.microsoft.com/download/details.aspx?familyid=768c0e00-41aa-410e-a146-58b8d367505f 5002261 10611 Maybe Security Update 15.0.5529.1000 5002316 https://www.microsoft.com/download/details.aspx?familyid=8e2feab3-1009-4033-9621-e2f04bba5636 5002217 10604 Maybe Security Update 15.0.5529.1000 5002316 10606 Maybe Security Update 15.0.5529.1000 5002316 https://www.microsoft.com/download/details.aspx?familyid=b41b90c9-8d7e-43fc-b52b-665da3b781b8 5002217 10605 Maybe Security Update 15.0.5529.1000 <p><strong>Use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources.</strong></p> <p><strong>Warning:</strong> If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.</p> <p><strong>Impact of Workaround.</strong> Users who have configured the File Block policy and have not configured a special “exempt directory” as discussed in <a href="https://learn.microsoft.com/en-us/office/troubleshoot/settings/file-blocked-in-office">Microsoft Knowledge Base Article 922849</a> will be unable to open documents saved in the RTF format.</p> <p><strong>For Office 2013</strong></p> <ol> <li><p>Run regedit.exe as Administrator and navigate to the following subkey:</p> <pre><code> `[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\FileBlock]` </code></pre> </li> <li><p>Set the RtfFiles DWORD value to 2.</p> </li> <li><p>Set the OpenInProtectedView DWORD value to 0.</p> </li> </ol> <p><strong>For Office 2016</strong></p> <ol> <li><p>Run regedit.exe as Administrator and navigate to the following subkey:</p> <pre><code> `[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\FileBlock]` </code></pre> </li> <li><p>Set the <strong>RtfFiles</strong> DWORD value to <strong>2</strong>.</p> </li> <li><p>Set the OpenInProtectedView DWORD value to <strong>0</strong>.</p> </li> </ol> <p><strong>For Office 2019</strong></p> <ol> <li><p>Run regedit.exe as Administrator and navigate to the following subkey:</p> <pre><code> `[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\FileBlock]` </code></pre> </li> <li><p>Set the <strong>RtfFiles</strong> DWORD value to <strong>2</strong>.</p> </li> <li><p>Set the OpenInProtectedView DWORD value to <strong>0</strong>.</p> </li> </ol> <p><strong>For Office 2021</strong></p> <ol> <li><p>Run regedit.exe as Administrator and navigate to the following subkey:</p> <pre><code> `[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\FileBlock]` </code></pre> </li> <li><p>Set the <strong>RtfFiles</strong> DWORD value to <strong>2</strong>.</p> </li> <li><p>Set the OpenInProtectedView DWORD value to <strong>0</strong>.</p> </li> </ol> <p><strong>How to undo the workaround</strong></p> <p><strong>For Office 2013</strong></p> <ol> <li><p>Run regedit.exe as Administrator and navigate to the following subkey:</p> <pre><code> `[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\FileBlock]` </code></pre> </li> <li><p>Set the RtfFiles DWORD value to 0.</p> </li> <li><p>Leave the OpenInProtectedView DWORD value set to 0.</p> </li> </ol> <p><strong>For Office 2016</strong></p> <ol> <li><p>Run regedit.exe as Administrator and navigate to the following subkey:</p> <pre><code> `[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\FileBlock]` </code></pre> </li> <li><p>Set the <strong>RtfFiles</strong> DWORD value to <strong>0</strong>.</p> </li> <li><p>Set the OpenInProtectedView DWORD value to <strong>0</strong>.</p> </li> </ol> <p><strong>For Office 2019</strong></p> <ol> <li><p>Run regedit.exe as Administrator and navigate to the following subkey:</p> <pre><code> `[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\FileBlock]` </code></pre> </li> <li><p>Set the <strong>RtfFiles</strong> DWORD value to <strong>0</strong>.</p> </li> <li><p>Set the OpenInProtectedView DWORD value to <strong>0</strong>.</p> </li> </ol> <p><strong>For Office 2021</strong></p> <ol> <li><p>Run regedit.exe as Administrator and navigate to the following subkey:</p> <pre><code> `[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\FileBlock]` </code></pre> </li> <li><p>Set the <strong>RtfFiles</strong> DWORD value to <strong>0</strong>.</p> </li> <li><p>Set the OpenInProtectedView DWORD value to <strong>0</strong>.</p> </li> </ol> <p><strong>Use Microsoft Outlook to reduce the risk of users opening RTF Files from unknown or untrusted sources</strong></p> <p>To help protect against this vulnerability, we recommend users read email messages in plain text format.</p> <p>For guidance on how to configure Microsoft Outlook to read all standard mail in plain text, please refer to <a href="https://support.microsoft.com/en-us/office/read-email-messages-in-plain-text-16dfe54a-fadc-4261-b2ce-19ad072ed7e3">Read email messages in plain text</a>.</p> <p><strong>Impact of workaround:</strong> Email messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. In addition, the following behavior may be experienced:</p> <ul> <li>The changes are applied to the preview pane and to open messages.</li> <li>Pictures become attachments so that they are not lost.</li> <li>Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.</li> </ul> <a href="https://twitter.com/jduck">Joshua J. Drake</a> 1.1 2023-02-17T08:00:00 <p>Added FAQs section and added clarifying information to the Mitigations section. This is an informational change only.</p> 2.0 2023-02-23T08:00:00 <p>The following updates have been made: 1) In the Security Updates table, added the following versions of Microsoft Office as they are also affected by this vulnerability: Microsoft Office 2019 for 32-bit editions and Microsoft Office 2019 for 64-bit editions. Microsoft strongly recommends that customers running any of these versions of Office install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) Added additional Microsoft Office and Microsoft Outlook workaround guidance.</p> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft SharePoint Server Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server.</p> <p><strong>I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install all the updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?</strong></p> <p>No. Customers running SharePoint Enterprise Server 2013 Service Pack 1 should install either of the following:</p> <ul> <li>Cumulative update (ubersrv13). Note that this update also includes the *srvloc2013 update</li> <li>Both of the security updates (sts2013 AND *loc2013), which are the same updates as for Foundation Server 2013</li> </ul> <p>Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.</p> <p><strong>I am running SharePoint Foundation 2013 Service Pack 1. Do I need to install all the updates that are listed for SharePoint Foundation 2013 Service Pack 1 ?</strong></p> <p>Yes, customers running SharePoint Foundation 2013 Service Pack 1 should install both of the security updates. The updates can be installed in any order.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-21717 Improper Access Control 10950 11099 11585 11961 10612 Elevation of Privilege 10950 Elevation of Privilege 11099 Elevation of Privilege 11585 Elevation of Privilege 11961 Elevation of Privilege 10612 Important 10950 Important 11099 Important 11585 Important 11961 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10612 5002350 https://www.microsoft.com/download/details.aspx?familyid=c7c5a4e7-8ab0-4c49-83b2-51b999216212 5002338 10950 Maybe Security Update 16.0.5383.1000 5002325 https://www.microsoft.com/download/details.aspx?familyid=fc35bf36-03cc-4441-9f38-dcdde9755a51 5002289 10950 Maybe Security Update 16.0.5383.1000 5002346 https://www.microsoft.com/download/details.aspx?familyid=75ca0d88-aad3-4a05-8d05-3d00d5cf048b 11099 Maybe Cumulative Update 15.0.5529.1000 5002347 https://www.microsoft.com/download/details.aspx?familyid=7d0f3c40-8269-4ed6-967b-2b1eb06f7dee 5002336 11099 10612 Maybe Security Update 15.0.5529.1000 5002312 https://www.microsoft.com/download/details.aspx?familyid=ee2b8387-411a-4329-9018-60ba1b61302d 5002235 11099 10612 Maybe Security Update 15.0.5529.1000 5002342 https://www.microsoft.com/download/details.aspx?familyid=e6d1379c-3d38-45c6-8b2d-28f1c9dbebcd 5002329 11585 Maybe Security Update 16.0.10395.20001 5002330 https://www.microsoft.com/download/details.aspx?familyid=3e88ed98-7ca7-4164-9cc8-56f80eb8caad 5002295 11585 Maybe Security Update 16.0.10395.20001 5002353 https://www.microsoft.com/download/details.aspx?familyid=90406070-0c55-4dd4-bf7c-61a3523ed220 5002331 11961 Maybe Security Update 16.0.15601.20478 Anonymous 1.0 2023-02-14T08:00:00 <p>Information published.</p> .NET Framework Denial of Service Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is Denial of Service?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website. This could lead to a local attack on the victim's computer which could cause a denial of service.</p> .NET Framework Microsoft Yes CVE-2023-21722 Improper Link Resolution Before File Access ('Link Following') 11650-10051 11650-10049 11650-10378 11650-10379 11650-10483 11650-10543 11676-11568 11676-11569 11676-11571 11676-11572 11676-11923 11676-11924 11676-11801 11676-11802 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11863-10051 11863-10049 11863-10378 11863-10379 11863-10483 11863-10543 12079-11923 12079-11924 12079-11801 12079-11802 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12098 12079-12099 12115-9312 12115-10287 12115-9318 12115-9344 12128-10729 12128-10735 9292-9312 9292-9318 9195-9312 9195-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10051 9495-10049 12079-12097 11677-10816 11676-12097 11676-10852 11676-10855 11677-10853 11676-12099 11676-12098 11676-10853 11677-10855 11676-10816 11677-10852 Denial of Service 11650-10051 Denial of Service 11650-10049 Denial of Service 11650-10378 Denial of Service 11650-10379 Denial of Service 11650-10483 Denial of Service 11650-10543 Denial of Service 11676-11568 Denial of Service 11676-11569 Denial of Service 11676-11571 Denial of Service 11676-11572 Denial of Service 11676-11923 Denial of Service 11676-11924 Denial of Service 11676-11801 Denial of Service 11676-11802 Denial of Service 11676-11926 Denial of Service 11676-11927 Denial of Service 11676-11929 Denial of Service 11676-11930 Denial of Service 11676-11931 Denial of Service 11677-11568 Denial of Service 11677-11569 Denial of Service 11677-11570 Denial of Service 11677-11571 Denial of Service 11677-11572 Denial of Service 11863-10051 Denial of Service 11863-10049 Denial of Service 11863-10378 Denial of Service 11863-10379 Denial of Service 11863-10483 Denial of Service 11863-10543 Denial of Service 12079-11923 Denial of Service 12079-11924 Denial of Service 12079-11801 Denial of Service 12079-11802 Denial of Service 12079-11926 Denial of Service 12079-11927 Denial of Service 12079-11929 Denial of Service 12079-11930 Denial of Service 12079-11931 Denial of Service 12079-12085 Denial of Service 12079-12086 Denial of Service 12079-12098 Denial of Service 12079-12099 Denial of Service 12115-9312 Denial of Service 12115-10287 Denial of Service 12115-9318 Denial of Service 12115-9344 Denial of Service 12128-10729 Denial of Service 12128-10735 Denial of Service 9292-9312 Denial of Service 9292-9318 Denial of Service 9195-9312 Denial of Service 9195-9318 Denial of Service 2472-10378 Denial of Service 2472-10379 Denial of Service 2472-10483 Denial of Service 2472-10543 Denial of Service 9495-10051 Denial of Service 9495-10049 Denial of Service 12079-12097 Denial of Service 11677-10816 Denial of Service 11676-12097 Denial of Service 11676-10852 Denial of Service 11676-10855 Denial of Service 11677-10853 Denial of Service 11676-12099 Denial of Service 11676-12098 Denial of Service 11676-10853 Denial of Service 11677-10855 Denial of Service 11676-10816 Denial of Service 11677-10852 Important 11650-10051 Important 11650-10049 Important 11650-10378 Important 11650-10379 Important 11650-10483 Important 11650-10543 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11923 Important 11676-11924 Important 11676-11801 Important 11676-11802 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11863-10051 Important 11863-10049 Important 11863-10378 Important 11863-10379 Important 11863-10483 Important 11863-10543 Important 12079-11923 Important 12079-11924 Important 12079-11801 Important 12079-11802 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12098 Important 12079-12099 Important 12115-9312 Important 12115-10287 Important 12115-9318 Important 12115-9344 Important 12128-10729 Important 12128-10735 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10051 Important 9495-10049 Important 12079-12097 Important 11677-10816 Important 11676-12097 Important 11676-10852 Important 11676-10855 Important 11677-10853 Important 11676-12099 Important 11676-12098 Important 11676-10853 Important 11677-10855 Important 11676-10816 Important 11677-10852 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11650-10051 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11650-10049 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11650-10378 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11650-10379 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11650-10483 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11650-10543 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11568 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11569 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11571 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11572 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11923 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11924 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11801 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11802 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11926 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11927 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11929 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11930 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-11931 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11677-11568 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11677-11569 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11677-11570 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11677-11571 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11677-11572 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11863-10051 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11863-10049 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11863-10378 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11863-10379 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11863-10483 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11863-10543 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11923 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11924 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11801 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11802 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11926 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11927 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11929 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11930 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-11931 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12085 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12086 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12098 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12099 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12115-9312 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12115-10287 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12115-9318 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12115-9344 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12128-10729 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12128-10735 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9292-9312 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9292-9318 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9195-9312 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9195-9318 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 2472-10378 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 2472-10379 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 2472-10483 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 2472-10543 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9495-10051 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9495-10049 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12079-12097 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11677-10816 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-12097 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-10852 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-10855 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11677-10853 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-12099 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-12098 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-10853 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11677-10855 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11676-10816 5.0 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11677-10852 5022731 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022509 5018547, 5021091 11650-10051 11650-10049 Maybe Monthly Rollup 4.8.4614.08 5022731 https://support.microsoft.com/help/5022731 11650-10051 11650-10049 11863-10051 11863-10049 9495-10051 9495-10049 5022783 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022520 11650-10051 11650-10049 Maybe Security Only 4.8.4614.07 5022783 https://support.microsoft.com/help/5022783 11650-10051 11650-10049 11863-10051 11863-10049 9495-10051 9495-10049 5022732 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022506 5018548, 5021092 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.04614.05 5022732 https://support.microsoft.com/help/5022732 11650-10378 11650-10379 11863-10378 11863-10379 2472-10378 2472-10379 5022784 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022514 11650-10378 11650-10379 Maybe Security Only 4.8.04614.03 5022784 https://support.microsoft.com/help/5022784 11650-10378 11650-10379 11863-10378 11863-10379 2472-10378 2472-10379 5022733 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022508 5018549, 5021093 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.04614.05 5022733 https://support.microsoft.com/help/5022733 11650-10483 11650-10543 11863-10483 11863-10543 2472-10483 2472-10543 5022785 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022516 11650-10483 11650-10543 Maybe Security Only 4.8.04614.03 5022785 https://support.microsoft.com/help/5022785 11650-10483 11650-10543 11863-10483 11863-10543 2472-10483 2472-10543 5022782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022504 5018542, 5021085 11676-11568 11676-11569 11676-11571 11676-11572 Maybe Security Update 10.0.04614.06 5022782 https://support.microsoft.com/help/5022782 11676-11568 11676-11569 11676-11571 11676-11572 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 5022735 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022507 5018551, 5021095 11676-11923 11676-11924 Maybe Security Update 10.0.04614.06 5022735 https://support.microsoft.com/help/5022735 11676-11923 11676-11924 12079-11923 12079-11924 5022727 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022502 5018543, 5021086, 5022474 11676-11801 11676-11802 Maybe Security Update 10.0.04614.06 5022727 https://support.microsoft.com/help/5022727 11676-11801 11676-11802 12079-11801 12079-11802 5022730 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022505 5018546, 5021090, 5022479 11676-11926 11676-11927 Maybe Security Update 10.0.4614.06 5022730 https://support.microsoft.com/help/5022730 11676-11926 11676-11927 12079-11926 12079-11927 5022728 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022502 5018545, 5021088, 5022476 11676-11929 11676-11930 Maybe Security Update 10.0.04614.06 5022728 https://support.microsoft.com/help/5022728 11676-11929 11676-11930 11676-11931 12079-11929 12079-11930 12079-11931 5022728 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022502 5018545, 5021088, 5022476 11676-11931 Maybe Monthly Rollup 10.0.04614.06 5022782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022511 5018542, 5021085 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 Maybe Security Update 10.0.04038.03 5022731 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022515 5018547, 5021091 11863-10051 11863-10049 Maybe Monthly Rollup 4.7.04614.08 5022783 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022526 11863-10051 11863-10049 Maybe Security Only 4.7.04038.05 5022732 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022512 5018548, 5021092 11863-10378 11863-10379 Maybe Monthly Rollup 4.7.04038.03 5022784 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022522 11863-10378 11863-10379 Maybe Security Only 4.7.04038.02 5022733 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022513 5018549, 5021093 11863-10483 11863-10543 Maybe Monthly Rollup 4.7.04038.03 5022785 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022524 11863-10483 11863-10543 Maybe Security Only 4.7.04038.02 5022735 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022501 5018551, 5021095 12079-11923 12079-11924 Maybe Security Update 10.0.09139.02 5022727 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022498 5018543, 5021086, 5022474 12079-11801 12079-11802 Maybe Security Update 10.0.09139.02 5022730 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022499 5018546, 5021090, 5022479 12079-11926 12079-11927 Maybe Security Update 10.0.09139.02 5022728 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022498 5018545, 5021088, 5022476 12079-11929 12079-11930 12079-11931 Maybe Security Update 10.0.09139.02 5022729 https://support.microsoft.com/help/5022729 11676-11929 11676-11930 11676-11931 12079-11929 12079-11930 12079-11931 5022497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022497 5020880, 5022404 12079-12085 12079-12086 Maybe Security Update 10.0.09139.02 5022497 https://support.microsoft.com/help/5022497 12079-12085 12079-12086 5022729 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022498 5017888, 5021089, 5022478 12079-12098 12079-12099 12079-12097 Maybe Security Update 10.0.09139.02 5022734 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022515 5018550, 5021094 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.04038.06 5022734 https://support.microsoft.com/help/5022734 12115-9312 12115-10287 12115-9318 12115-9344 9292-9312 9292-9318 9195-9312 9195-9318 5022786 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022526 12115-9312 12115-10287 12115-9318 12115-9344 Maybe Security Only 4.7.4038.05 5022786 https://support.microsoft.com/help/5022786 12115-9312 12115-10287 12115-9318 12115-9344 9292-9312 9292-9318 9195-9312 9195-9318 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 12128-10729 12128-10735 Yes Security Update 10.0.10240.19747 5022734 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022521 5018550, 5021094 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Monthly Rollup 2.0.50727.8966 5022786 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022529 9292-9312 9292-9318 9195-9312 9195-9318 Maybe Security Only 2.0.04038.05 5022732 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022574 5018548, 5021092 2472-10378 2472-10379 Maybe Monthly Rollup 3.5.50727.8966 5022784 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022575 2472-10378 2472-10379 Maybe Security Only 3.5.50727.8966 5022733 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022525 5018549, 5021093 2472-10483 2472-10543 Maybe Monthly Rollup 3.5.50727.8966 5022785 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022531 2472-10483 2472-10543 Maybe Security Only 2.0.50727.8966 5022731 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022523 5018547, 5021091 9495-10051 9495-10049 Maybe Monthly Rollup 3.5.50727.8966 5022783 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022530 9495-10051 9495-10049 Maybe Security Only 2.0.50727.8966 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 11677-10816 11677-10853 11677-10855 11677-10852 Yes Security Update 10.0.14393.5717 5022729 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022502 5017888, 5021089, 5022478 11676-12097 11676-12099 11676-12098 Maybe Security Update 10.0.04614.06 5022503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022503 5018515, 5020873 11676-10852 11676-10855 11676-10853 11676-10816 Maybe Security Update 10.0.04614.05 5022503 https://support.microsoft.com/help/5022503 11676-10852 11676-10855 11676-10853 11676-10816 <a href="https://twitter.com/filip_dragovic">Filip Dragovic</a> with Infigo IS 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-03-23T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 2.0 2023-03-29T07:00:00 <p>Microsoft has rereleased KB5022498 to address a known issue where customers who installed the .NET Framework 4.8 February cumulative update (KB5022502), then updgraded to .NET Framework 4.8.1 and subsequently scanned for updates were unable to install KB5022498. Customers who were unable to install KB5022498 should rescan for updates and install the update. Customers who have already successfully installed KB5022498 do not need to take any further action.</p> Azure DevOps Server Cross-Site Scripting Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to no loss of availability (A:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker cannot impact the availability of the service.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could access data that is available for the current user. Depending on the user's authorization the attacker could collect detailed data about ADO elements such as org/proj configuration, users, groups, teams, projects, pipelines, board, or wiki. An attacker could also craft page elements to collect user secrets.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>An attacker is able to manipulate DOM model of website adding/removing elements, with crafted script is able to do actions on ADO in current user context without user consent or awareness.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Azure DevOps Microsoft Yes CVE-2023-21564 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12149 Spoofing 12149 Important 12149 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 12149 Release Notes file://cpvsbuild/drops/mseng/tfs/Dev19/releases_M205.AzureDevOps2022.RTW/layouts/x86ret/Tfs2018Sgn_20230125.2/enu/devops/Patch 12149 Maybe Security Update 20230131.1 1.0 2023-02-14T08:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2023-23376 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11801 11802 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11801 Elevation of Privilege 11802 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11801 Important 11802 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11801 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11802 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5022840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840 5022286 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4010 5022840 https://support.microsoft.com/help/5022840 11568 11569 11570 11571 11572 5022842 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842 5022291 11923 11924 Yes Security Update 10.0.20348.1547 5022842 https://support.microsoft.com/help/5022842 11923 11924 5022921 11923 11924 No Security Hotpatch Update 10.0.20348.1540 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11801 11802 Yes Security Update 10.0.19042.2604 5022834 https://support.microsoft.com/help/5022834 11801 11802 11929 11930 11931 12097 12098 12099 5022836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836 5022287 11926 11927 Yes Security Update 10.0.22621.1574 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 11929 11930 11931 Yes Security Update 10.0.19044.2604 5022845 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845 5022303 12085 12086 Yes Security Update 10.0.22621.1265 5022845 https://support.microsoft.com/help/5022845 12085 12086 5022834 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834 5022282 12097 12098 12099 Yes Security Update 10.0.19045.2604 5022858 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858 5022297 10729 10735 Yes Security Update 10.0.10240.19747 5022838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838 5022289 10852 10853 10816 10855 Yes Security Update 10.0.14393.5717 5022890 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890 5022340 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.21915 5022890 https://support.microsoft.com/help/5022890 9312 10287 9318 9344 5022893 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893 9312 10287 9318 9344 Yes Security Only 6.0.6003.21915 5022893 https://support.microsoft.com/help/5022893 9312 10287 9318 9344 5022872 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872 5022338 10051 10049 Yes Monthly Rollup 6.1.7601.26366 5022872 https://support.microsoft.com/help/5022872 10051 10049 5022874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874 10051 10049 Yes Security Only 6.1.7601.26366 5022874 https://support.microsoft.com/help/5022874 10051 10049 5022903 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903 5022348 10378 10379 Yes Monthly Rollup 6.2.9200.24116 5022903 https://support.microsoft.com/help/5022903 10378 10379 5022895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895 10378 10379 Yes Security Only 6.2.9200.24116 5022895 https://support.microsoft.com/help/5022895 10378 10379 5022899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899 5022352 10483 10543 Yes Monthly Rollup 6.3.9600.20821 5022899 https://support.microsoft.com/help/5022899 10483 10543 5022894 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894 10483 10543 Yes Security Only 6.3.9600.20821 5022894 https://support.microsoft.com/help/5022894 10483 10543 Microsoft Threat Intelligence Center (MSTIC) Microsoft Security Response Center (MSRC) 1.0 2023-02-14T08:00:00 <p>Information published.</p> 3D Builder Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>How do I get the update for a Windows App?</strong></p> <p>The Microsoft Store will automatically update affected customers.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p> 3D Builder Microsoft Yes CVE-2023-23377 Heap-based Buffer Overflow 12141 Remote Code Execution 12141 Important 12141 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12141 Release Notes https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 20.0.1 12141 Maybe Security Update 20.0.2.0 Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Visual Studio Microsoft Yes CVE-2023-23381 Heap-based Buffer Overflow 11935 11969 12051 11600 12129 10566 10577 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12051 Remote Code Execution 11600 Remote Code Execution 12129 Remote Code Execution 10566 Remote Code Execution 10577 Critical 11935 Critical 11969 Critical 12051 Critical 11600 Critical 12129 Critical 10566 Critical 10577 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11969 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10566 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10577 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.24 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.19 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.13 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.52 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.5 5026610 https://aka.ms/vs/12/release/5026610 10566 Maybe Security Update 12.0.40700.0 5025792 https://aka.ms/vs/14/release/5025792 10577 Maybe Security Update 14.0.27555.0 goodbyeselene 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-03-23T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 2.0 2023-06-13T07:00:00 <p>In the Security Updates table, added Visual Studio 2013 Update 5 and Visual Studio 2015 Update 3 as they are affected by this vulnerability. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability.</p> 3.0 2023-06-13T07:00:00 <p>In the Security Updates table, added Visual Studio 2013 Update 5 and Visual Studio 2015 Update 3 as they are affected by this vulnerability. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability.</p> 3D Builder Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>How do I get the update for a Windows App?</strong></p> <p>The Microsoft Store will automatically update affected customers.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p> 3D Builder Microsoft Yes CVE-2023-23390 Heap-based Buffer Overflow 12141 Remote Code Execution 12141 Important 12141 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12141 Release Notes https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us 20.0.1 12141 Maybe Security Update 20.0.2.0 Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> Microsoft OneNote Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could impersonate another user to perform actions.</p> <p><strong>How do I get the update for OneNote for Android?</strong></p> <p>Please reference <a href="https://support.google.com/googleplay/answer/113412?hl=en">How to update the Play Store &amp; apps on Android - Google Play Help</a> for guidance.</p> Microsoft Office OneNote Microsoft Yes CVE-2023-21721 Improper Authentication 12153 Elevation of Privilege 12153 Important 12153 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12153 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.onenote 12153 Maybe Security Update 16.0.16026.20158 <a href="https://linkedin.com/in/valsamaras">Dimitrios Valsamaras</a> with <a href="https://microsoft.com/">Microsoft</a> 1.0 2023-02-14T08:00:00 <p>Information published.</p> 1.1 2023-02-14T08:00:00 <p>Updated Impact in the Security Updates table, CVE Title, and FAQs. This is an informational change only.</p> MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device <p>An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic.</p> <p>Broadcom no longer supports their hardware on any Windows platforms. As such there is no security update available to address this vulnerability. We recommend that customers using HoloLens 1 devices with this WiFi client device do the following to protect themselves from this vulnerability:</p> <ul> <li>Update Wi-Fi routers to mitigate security vulnerabilities (for example, FragAttacks).</li> <li>Use WPA2-Enterprise with certificate-based authentication for HoloLens Wi-Fi.</li> <li>Don’t connect your HoloLens device to untrusted Wi-Fi networks.</li> <li>Don’t reuse Wi-Fi passwords.</li> <li>Don't use plain text HTTP connection.</li> <li>Enable Kiosk mode on your HoloLens device and prevent users from using apps that expose URL links.</li> </ul> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>For an attacker to exploit this vulnerability, the following conditions must be met:</p> <ul> <li>The attacker must be in physical proximity to the targeted victim. A remote attack is not possible because this vulnerability is at the Wi-Fi layer.</li> <li>The victim must be using unprotected transports such as plain HTTP.</li> </ul> <p>If customers follow the security best practices outlined in the Executive Summary, this vulnerability would be difficult to exploit.</p> HoloLens MITRE Corporation Yes CVE-2019-15126 12158 Information Disclosure 12158 12158 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 1.0 2023-02-14T08:00:00 <p>Information published.</p> GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio Github Yes CVE-2023-41953 11600 12051 11935 11969 12129 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.52 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.13 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.24 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.19 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.5 Anonymous 1.0 2023-02-14T08:00:00 <p>Information published.</p> GitHub: CVE-2022-23521 gitattributes parsing integer overflow <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Visual Studio GitHub Yes CVE-2022-23521 11600 12051 11935 11969 12129 Remote Code Execution 11600 Remote Code Execution 12051 Remote Code Execution 11935 Remote Code Execution 11969 Remote Code Execution 12129 Important 11600 Important 12051 Important 11935 Important 11969 Important 12129 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.52 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.13 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.24 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.19 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.5 Anonymous 1.0 2023-02-14T08:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 Mariner security@huntr.dev Yes CVE-2023-0512 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12138 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 vim 12137 vim-9.0.1247-1.cm1.x86_64.rpm 0001-01-01T00:00:00 vim-extra-9.0.1247-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.1247-1 vim 12138 vim-9.0.1247-1.cm1.aarch64.rpm 0001-01-01T00:00:00 vim-extra-9.0.1247-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.1247-1 vim 12139 vim-9.0.1247-1.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-9.0.1247-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.1247-1 vim 12140 vim-9.0.1247-1.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-9.0.1247-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.1247-1 1.0 2023-02-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-0266 https://nvd.nist.gov/vuln/detail/CVE-2023-0266 https://nvd.nist.gov/vuln/detail/CVE-2023-0266 https://nvd.nist.gov/vuln/detail/CVE-2023-0266 Mariner security@google.com Yes CVE-2023-0266 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 hyperv-daemons 12139 hyperv-daemons-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.92.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.92.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 kernel 12139 kernel-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 hyperv-daemons 12140 hyperv-daemons-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.92.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.92.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 kernel 12140 kernel-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 1.0 2023-02-03T00:00:00 <p>Information published.</p> 1.1 2023-02-07T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2022-1943 https://nvd.nist.gov/vuln/detail/CVE-2022-1943 https://nvd.nist.gov/vuln/detail/CVE-2022-1943 https://nvd.nist.gov/vuln/detail/CVE-2022-1943 Mariner secalert@redhat.com Yes CVE-2022-1943 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12139 kernel-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 kernel 12140 kernel-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 kernel 12137 kernel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 kernel 12138 kernel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.174.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.174.1-1 1.0 2023-02-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-25147 https://nvd.nist.gov/vuln/detail/CVE-2022-25147 https://nvd.nist.gov/vuln/detail/CVE-2022-25147 https://nvd.nist.gov/vuln/detail/CVE-2022-25147 Mariner security@apache.org Yes CVE-2022-25147 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 12137 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 12138 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 12140 apr-util 12137 apr-util-1.6.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 apr-util-devel-1.6.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 apr-util-ldap-1.6.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 apr-util-pgsql-1.6.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 apr-util-sqlite-1.6.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 apr-util-debuginfo-1.6.3-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.3-1 apr-util 12138 apr-util-1.6.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 apr-util-devel-1.6.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 apr-util-ldap-1.6.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 apr-util-pgsql-1.6.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 apr-util-sqlite-1.6.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 apr-util-debuginfo-1.6.3-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.3-1 apr-util 12139 apr-util-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 apr-util-bdb-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 apr-util-devel-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 apr-util-ldap-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 apr-util-mysql-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 apr-util-odbc-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 apr-util-openssl-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 apr-util-pgsql-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 apr-util-sqlite-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 apr-util-debuginfo-1.6.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.3-1 apr-util 12140 apr-util-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 apr-util-bdb-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 apr-util-devel-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 apr-util-ldap-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 apr-util-mysql-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 apr-util-odbc-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 apr-util-openssl-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 apr-util-pgsql-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 apr-util-sqlite-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 apr-util-debuginfo-1.6.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.3-1 1.0 2023-02-06T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-0394 https://nvd.nist.gov/vuln/detail/CVE-2023-0394 https://nvd.nist.gov/vuln/detail/CVE-2023-0394 https://nvd.nist.gov/vuln/detail/CVE-2023-0394 https://nvd.nist.gov/vuln/detail/CVE-2023-0394 https://nvd.nist.gov/vuln/detail/CVE-2023-0394 Mariner secalert@redhat.com Yes CVE-2023-0394 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.167.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.167.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.167.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.167.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.167.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.167.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.167.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.167.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.167.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.167.1-1 kernel 12138 kernel-5.10.167.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.167.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.167.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.167.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.167.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.167.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.167.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.167.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.167.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.167.1-1 hyperv-daemons 12139 hyperv-daemons-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.92.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.92.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 kernel 12139 kernel-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 hyperv-daemons 12140 hyperv-daemons-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.92.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.92.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 kernel 12140 kernel-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 1.0 2023-02-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-37436 https://nvd.nist.gov/vuln/detail/CVE-2022-37436 https://nvd.nist.gov/vuln/detail/CVE-2022-37436 https://nvd.nist.gov/vuln/detail/CVE-2022-37436 Mariner security@apache.org Yes CVE-2022-37436 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12137 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12138 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12140 httpd 12137 httpd-2.4.55-1.cm1.x86_64.rpm 0001-01-01T00:00:00 httpd-devel-2.4.55-1.cm1.x86_64.rpm 0001-01-01T00:00:00 httpd-docs-2.4.55-1.cm1.x86_64.rpm 0001-01-01T00:00:00 httpd-tools-2.4.55-1.cm1.x86_64.rpm 0001-01-01T00:00:00 httpd-debuginfo-2.4.55-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.55-1 httpd 12138 httpd-2.4.55-1.cm1.aarch64.rpm 0001-01-01T00:00:00 httpd-devel-2.4.55-1.cm1.aarch64.rpm 0001-01-01T00:00:00 httpd-docs-2.4.55-1.cm1.aarch64.rpm 0001-01-01T00:00:00 httpd-tools-2.4.55-1.cm1.aarch64.rpm 0001-01-01T00:00:00 httpd-debuginfo-2.4.55-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.55-1 httpd 12139 httpd-2.4.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 httpd-devel-2.4.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 httpd-docs-2.4.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 httpd-tools-2.4.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mod_ldap-2.4.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mod_proxy_html-2.4.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mod_session-2.4.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mod_ssl-2.4.55-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.55-1 httpd 12140 httpd-2.4.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 httpd-devel-2.4.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 httpd-docs-2.4.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 httpd-tools-2.4.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mod_ldap-2.4.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mod_proxy_html-2.4.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mod_session-2.4.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mod_ssl-2.4.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 httpd-debuginfo-2.4.55-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.55-1 1.0 2023-02-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-0468 https://nvd.nist.gov/vuln/detail/CVE-2023-0468 Mariner secalert@redhat.com Yes CVE-2023-0468 12139 12140 12139 12140 12139 12140 DOS:N/A 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12139 kernel-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.92.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 kernel 12140 kernel-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.92.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.92.1-1 1.0 2023-02-02T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-42919 https://nvd.nist.gov/vuln/detail/CVE-2022-42919 https://nvd.nist.gov/vuln/detail/CVE-2022-42919 https://nvd.nist.gov/vuln/detail/CVE-2022-42919 Mariner cve@mitre.org Yes CVE-2022-42919 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 python3 12139 python3-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-libs-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-curses-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-devel-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-tools-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-pip-3.9.14-5.cm2.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.9.14-5.cm2.noarch.rpm 0001-01-01T00:00:00 python3-test-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.9.14-5.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.9.14-5 python3 12140 python3-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-libs-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-curses-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-devel-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-tools-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-pip-3.9.14-5.cm2.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.9.14-5.cm2.noarch.rpm 0001-01-01T00:00:00 python3-test-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.9.14-5.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.9.14-5 python3 12137 python3-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-libs-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-xml-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-curses-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-devel-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-tools-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-pip-3.7.16-1.cm1.noarch.rpm 0001-01-01T00:00:00 python3-setuptools-3.7.16-1.cm1.noarch.rpm 0001-01-01T00:00:00 python3-test-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 python3-debuginfo-3.7.16-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.7.16-1 python3 12138 CBL-Mariner 3.7.16-1 1.0 2022-11-09T00:00:00 <p>Information published.</p> 1.1 2023-02-06T00:00:00 <p>Added python3 to CBL-Mariner 1.0</p>