January 2023 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2023-Jan
2023-Jan
Final
1.0
73
2026-05-17T14:38:35
January 2023 Security Updates
2023-01-10T08:00:00
2026-05-17T14:38:35
<h2 id="updates-this-month">Updates this Month</h2>
<p>This release consists of security updates for the following products, features and roles.</p>
<ul>
<li>.NET Core</li>
<li>3D Builder</li>
<li>Azure Service Fabric Container</li>
<li>Microsoft Bluetooth Driver</li>
<li>Microsoft Edge (Chromium-based)</li>
<li>Microsoft Exchange Server</li>
<li>Microsoft Graphics Component</li>
<li>Microsoft Local Security Authority Server (lsasrv)</li>
<li>Microsoft Message Queuing</li>
<li>Microsoft Office</li>
<li>Microsoft Office SharePoint</li>
<li>Microsoft Office Visio</li>
<li>Microsoft WDAC OLE DB provider for SQL</li>
<li>Visual Studio Code</li>
<li>Windows ALPC</li>
<li>Windows Ancillary Function Driver for WinSock</li>
<li>Windows Authentication Methods</li>
<li>Windows Backup Engine</li>
<li>Windows Bind Filter Driver</li>
<li>Windows BitLocker</li>
<li>Windows Boot Manager</li>
<li>Windows Credential Manager</li>
<li>Windows Cryptographic Services</li>
<li>Windows DWM Core Library</li>
<li>Windows Error Reporting</li>
<li>Windows Event Tracing</li>
<li>Windows IKE Extension</li>
<li>Windows Installer</li>
<li>Windows Internet Key Exchange (IKE) Protocol</li>
<li>Windows iSCSI</li>
<li>Windows Kernel</li>
<li>Windows Layer 2 Tunneling Protocol</li>
<li>Windows LDAP - Lightweight Directory Access Protocol</li>
<li>Windows Local Security Authority (LSA)</li>
<li>Windows Local Session Manager (LSM)</li>
<li>Windows Malicious Software Removal Tool</li>
<li>Windows Management Instrumentation</li>
<li>Windows MSCryptDImportKey</li>
<li>Windows NTLM</li>
<li>Windows ODBC Driver</li>
<li>Windows Overlay Filter</li>
<li>Windows Point-to-Point Tunneling Protocol</li>
<li>Windows Print Spooler Components</li>
<li>Windows Remote Access Service L2TP Driver</li>
<li>Windows RPC API</li>
<li>Windows Secure Socket Tunneling Protocol (SSTP)</li>
<li>Windows Smart Card</li>
<li>Windows Task Scheduler</li>
<li>Windows Virtual Registry Provider</li>
<li>Windows Workstation Service</li>
</ul>
<p>Please note the following information regarding the security updates:</p>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>January 6, 2023</td>
<td><a href="https://msrc-blog.microsoft.com/2023/01/06/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td>
</tr>
<tr>
<td>December 29, 2022</td>
<td><a href="https://msrc-blog.microsoft.com/2022/12/29/security-update-guide-improvement-representing-hotpatch-updates/">Security Update Guide Improvement – Representing Hotpatch Updates</a></td>
</tr>
<tr>
<td>August 9, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile2">Security Update Guide Notification System News: Create your profile now</a></td>
</tr>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-information">Relevant Information</h2>
<ul>
<li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="faqs-mitigations-and-workarounds">FAQs, Mitigations, and Workarounds</h2>
<p>The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting <strong>FAQs</strong>, <strong>Mitigations</strong> and <strong>Workarounds</strong> columns in the <strong>Edit Columns</strong> panel.</p>
<ul>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21524">CVE-2023-21524</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21525">CVE-2023-21525</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21531">CVE-2023-21531</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532">CVE-2023-21532</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535">CVE-2023-21535</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21536">CVE-2023-21536</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21537">CVE-2023-21537</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21539">CVE-2023-21539</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21540">CVE-2023-21540</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21541">CVE-2023-21541</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21542">CVE-2023-21542</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21543">CVE-2023-21543</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21546">CVE-2023-21546</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21548">CVE-2023-21548</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21549">CVE-2023-21549</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21550">CVE-2023-21550</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21551">CVE-2023-21551</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21552">CVE-2023-21552</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21555">CVE-2023-21555</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21556">CVE-2023-21556</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21557">CVE-2023-21557</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21558">CVE-2023-21558</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21559">CVE-2023-21559</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21560">CVE-2023-21560</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21561">CVE-2023-21561</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21563">CVE-2023-21563</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21674">CVE-2023-21674</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21675">CVE-2023-21675</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21676">CVE-2023-21676</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21678">CVE-2023-21678</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21679">CVE-2023-21679</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21680">CVE-2023-21680</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21681">CVE-2023-21681</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21682">CVE-2023-21682</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21724">CVE-2023-21724</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21725">CVE-2023-21725</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21726">CVE-2023-21726</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21730">CVE-2023-21730</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21732">CVE-2023-21732</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21733">CVE-2023-21733</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21734">CVE-2023-21734</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21735">CVE-2023-21735</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21736">CVE-2023-21736</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21737">CVE-2023-21737</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21738">CVE-2023-21738</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21739">CVE-2023-21739</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21741">CVE-2023-21741</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21742">CVE-2023-21742</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21743">CVE-2023-21743</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21744">CVE-2023-21744</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21745">CVE-2023-21745</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21746">CVE-2023-21746</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21747">CVE-2023-21747</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21748">CVE-2023-21748</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21749">CVE-2023-21749</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21750">CVE-2023-21750</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21752">CVE-2023-21752</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21753">CVE-2023-21753</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21754">CVE-2023-21754</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21755">CVE-2023-21755</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21759">CVE-2023-21759</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21760">CVE-2023-21760</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21761">CVE-2023-21761</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21762">CVE-2023-21762</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21763">CVE-2023-21763</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21764">CVE-2023-21764</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21765">CVE-2023-21765</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21766">CVE-2023-21766</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21767">CVE-2023-21767</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21768">CVE-2023-21768</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21771">CVE-2023-21771</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21772">CVE-2023-21772</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21773">CVE-2023-21773</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21774">CVE-2023-21774</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21776">CVE-2023-21776</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21779">CVE-2023-21779</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21780">CVE-2023-21780</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21781">CVE-2023-21781</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21782">CVE-2023-21782</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21783">CVE-2023-21783</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21784">CVE-2023-21784</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21785">CVE-2023-21785</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21786">CVE-2023-21786</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21787">CVE-2023-21787</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21788">CVE-2023-21788</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21789">CVE-2023-21789</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21790">CVE-2023-21790</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21791">CVE-2023-21791</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21792">CVE-2023-21792</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21793">CVE-2023-21793</a></li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5022143">5022143</a></td>
<td>Microsoft Exchange Server 2016</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022193">5022193</a></td>
<td>Microsoft Exchange Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022286">5022286</a></td>
<td>Windows 10, version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022303">5022303</a></td>
<td>Windows 11 version 22H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022338">5022338</a></td>
<td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022339">5022339</a></td>
<td>Windows 7, Windows Server 2008 R2 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022340">5022340</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022343">5022343</a></td>
<td>Windows Server 2012 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022346">5022346</a></td>
<td>Windows 8.1, Windows Server 2012 R2 (Security-only update)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022348">5022348</a></td>
<td>Windows Server 2012 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022352">5022352</a></td>
<td>Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5022353">5022353</a></td>
<td>Windows Server 2008 (Security-only update)</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Azure Service Fabric 8.2
Azure Service Fabric 9.0 for Linux
Azure Service Fabric 9.1
.NET 6.0
PowerShell 7.2
Visual Studio Code
Windows Malicious Software Removal Tool 64-bit
Windows Malicious Software Removal Tool 32-bit
Microsoft Office 2019 for Mac
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Visio 2013 Service Pack 1 (32-bit editions)
Microsoft Visio 2013 Service Pack 1 (64-bit editions)
Microsoft Visio 2016 (32-bit edition)
Microsoft Visio 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2013 Cumulative Update 23
3D Builder
Microsoft Edge (Chromium-based) Extended Stable
Microsoft Edge (Chromium-based)
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2012 R2
Windows RT 8.1
Windows Server 2012 R2 (Server Core installation)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Visio 2013 Service Pack 1 (32-bit editions)
Microsoft Visio 2013 Service Pack 1 (64-bit editions)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Visio 2016 (32-bit edition)
Microsoft Visio 2016 (64-bit edition)
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft SharePoint Server 2019
Visual Studio Code
Microsoft Edge (Chromium-based)
Microsoft Exchange Server 2013 Cumulative Update 23
Windows Malicious Software Removal Tool 64-bit
Windows Malicious Software Removal Tool 32-bit
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft SharePoint Server Subscription Edition
PowerShell 7.2
.NET 6.0
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2016 Cumulative Update 23
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Azure Service Fabric 8.2
Azure Service Fabric 9.0 for Linux
Azure Service Fabric 9.1
CBL Mariner 1.0 x64
CBL Mariner 1.0 ARM
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
3D Builder
Microsoft Edge (Chromium-based) Extended Stable
fluent-bit-2.0.9-1.cm2.x86_64.rpm on CBL Mariner 2.0 x64
fluent-bit-devel-2.0.9-1.cm2.x86_64.rpm on CBL Mariner 2.0 x64
fluent-bit-debuginfo-2.0.9-1.cm2.x86_64.rpm on CBL Mariner 2.0 x64
fluent-bit-2.0.9-1.cm2.aarch64.rpm on CBL Mariner 2.0 ARM
fluent-bit-devel-2.0.9-1.cm2.aarch64.rpm on CBL Mariner 2.0 ARM
fluent-bit-debuginfo-2.0.9-1.cm2.aarch64.rpm on CBL Mariner 2.0 ARM
hvloader-1.0.1-6.cm2.x86_64.rpm on CBL Mariner 2.0 x64
cbl2 samba 4.12.5-6 on CBL Mariner 2.0
azl3 samba 4.18.3-1 on Azure Linux 3.0
azl3 ceph 18.2.1-1 on Azure Linux 3.0
cm1 openjdk8 1.8.0.332-2 on CBL Mariner 1.0
cm1 man-db 2.8.4-5 on CBL Mariner 1.0
cm1 openvswitch 2.15.7-1 on CBL Mariner 1.0
cbl2 openvswitch 2.17.5-1 on CBL Mariner 2.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0
cbl2 rust 1.68.0-1 on CBL Mariner 2.0
azl3 qemu 8.2.0-16 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 mod_http2 2.0.29-3 on Azure Linux 3.0
cm1 kernel 5.10.188.1-1 on CBL Mariner 1.0
cbl2 kernel 5.15.122.1-2 on CBL Mariner 2.0
cm1 mozjs60 60.9.0-13 on CBL Mariner 1.0
cm1 kernel 5.10.181.1-1 on CBL Mariner 1.0
cbl2 nodejs 16.20.1-2 on CBL Mariner 2.0
cm1 kernel 5.10.177.1-1 on CBL Mariner 1.0
cbl2 kernel 5.15.107.1-2 on CBL Mariner 2.0
cbl2 kernel 5.15.102.1-1 on CBL Mariner 2.0
cm1 kernel 5.10.172.1-1 on CBL Mariner 1.0
cm1 kernel 5.10.189.1-1 on CBL Mariner 1.0
cm1 rust 1.59.0-1 on CBL Mariner 1.0
cbl2 rust 1.68.2-5 on CBL Mariner 2.0
cm1 mysql 8.0.32-1 on CBL Mariner 1.0
cbl2 mysql 8.0.32-1 on CBL Mariner 2.0
cm1 binutils 2.36.1-3 on CBL Mariner 1.0
cm1 vim 9.0.1247-1 on CBL Mariner 1.0
cbl2 vim 9.0.1247-1 on CBL Mariner 2.0
cm1 kernel 5.10.168.1-1 on CBL Mariner 1.0
cm1 hyperv-daemons 5.10.168.1-1 on CBL Mariner 1.0
cbl2 kernel 5.15.92.1-1 on CBL Mariner 2.0
cbl2 hyperv-daemons 5.15.92.1-1 on CBL Mariner 2.0
cm1 kernel 5.10.167.1-1 on CBL Mariner 1.0
cbl2 libgit2 1.4.5-1 on CBL Mariner 2.0
cm1 tpm2-tss 2.4.6-2 on CBL Mariner 1.0
cbl2 tpm2-tss 2.4.6-2 on CBL Mariner 2.0
cm1 redis 6.2.7-3 on CBL Mariner 1.0
cbl2 redis 6.2.9-1 on CBL Mariner 2.0
cm1 sudo 1.9.12p2-1 on CBL Mariner 1.0
cbl2 sudo 1.9.12p2-1 on CBL Mariner 2.0
cbl2 hyperv-daemons 5.15.87.1-1 on CBL Mariner 2.0
cbl2 kernel 5.15.87.1-1 on CBL Mariner 2.0
cm1 vim 9.0.1189-1 on CBL Mariner 1.0
cbl2 vim 9.0.1189-1 on CBL Mariner 2.0
cm1 mozjs60 60.9.0-11 on CBL Mariner 1.0
cbl2 vim 9.0.1145-1 on CBL Mariner 2.0
cbl2 rpm-ostree 2022.1-7 on CBL Mariner 2.0
cbl2 netavark 1.0.3-5 on CBL Mariner 2.0
cbl2 kata-containers 3.1.0-11 on CBL Mariner 2.0
azl3 apr 1.7.5-1 on Azure Linux 3.0
cbl2 wireshark 4.0.8-1 on CBL Mariner 2.0
cbl2 pkgconf 1.8.0-3 on CBL Mariner 2.0
cm1 nasm 2.16-1 on CBL Mariner 1.0
cbl2 nasm 2.16-1 on CBL Mariner 2.0
cbl2 kernel 5.15.92.1-2 on CBL Mariner 2.0
cm1 bind 9.16.37-1 on CBL Mariner 1.0
cbl2 bind 9.16.37-2 on CBL Mariner 2.0
cm1 apr-util 1.6.3-1 on CBL Mariner 1.0
cbl2 apr-util 1.6.3-1 on CBL Mariner 2.0
cm1 syslog-ng 3.23.1-4 on CBL Mariner 1.0
cbl2 syslog-ng 3.33.2-7 on CBL Mariner 2.0
azl3 syslog-ng 4.3.1-2 on Azure Linux 3.0
azl3 mozjs 102.15.1-1 on Azure Linux 3.0
cm1 httpd 2.4.55-1 on CBL Mariner 1.0
cbl2 httpd 2.4.55-1 on CBL Mariner 2.0
cm1 libtiff 4.4.0-7 on CBL Mariner 1.0
cbl2 libtiff 4.4.0-7 on CBL Mariner 2.0
cm1 mariadb 10.3.36-2 on CBL Mariner 1.0
cbl2 mariadb 10.6.9-3 on CBL Mariner 2.0
cbl2 binutils 2.37-5 on CBL Mariner 2.0
cm1 hyperv-daemons 5.10.174.1-1 on CBL Mariner 1.0
cm1 git 2.33.6-1 on CBL Mariner 1.0
cbl2 git 2.33.8-2 on CBL Mariner 2.0
cm1 libksba 1.3.5-5 on CBL Mariner 1.0
cm1 gnupg2 2.2.20-4 on CBL Mariner 1.0
cbl2 gnupg2 2.4.0-1 on CBL Mariner 2.0
cm1 systemd 239-43 on CBL Mariner 1.0
cbl2 systemd-bootstrap 250.3-12 on CBL Mariner 2.0
cbl2 systemd 250.3-13 on CBL Mariner 2.0
azl3 systemd-bootstrap 250.3-15 on Azure Linux 3.0
cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0
cbl2 rust 1.68.2-1 on CBL Mariner 2.0
cm1 kernel 5.10.164.1-1 on CBL Mariner 1.0
cm1 bash 4.4.23-1 on CBL Mariner 1.0
azl3 systemd-bootstrap 250.3-17 on Azure Linux 3.0
azl3 rpm-ostree 2022.1-7 on Azure Linux 3.0
azl3 apr 1.7.2-1 on Azure Linux 3.0
azl3 javapackages-bootstrap 1.14.0-2 on Azure Linux 3.0
cbl2 pytorch 2.0.0-1 on CBL Mariner 2.0
cbl2 opa 0.50.2-5 on CBL Mariner 2.0
cbl2 freeradius 3.2.3-1 on CBL Mariner 2.0
cbl2 sleuthkit on CBL Mariner 2.0
cbl2 opusfile on CBL Mariner 2.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 rust 1.75.0-14 on Azure Linux 3.0
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
azl3 rust 1.86.0-1 on Azure Linux 3.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
azl3 kata-containers 3.1.3-2 on Azure Linux 3.0
cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
azl3 nasm 2.16.01-1 on Azure Linux 3.0
cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0
cbl2 ceph 16.2.10-7 on CBL Mariner 2.0
azl3 ceph 16.2.10-3 on Azure Linux 3.0
azl3 netavark 1.0.3-5 on Azure Linux 3.0
azl3 libjpeg-turbo 3.0.0-1 on Azure Linux 3.0
cbl2 tar 1.34-3 on CBL Mariner 2.0
azl3 sleuthkit 4.12.1-1 on Azure Linux 3.0
azl3 kernel 6.6.96.2-2 on Azure Linux 3.0
azl3 kernel 6.6.104.2-4 on Azure Linux 3.0
azl3 kernel 6.6.104.2-4 on Azure Linux 3.0
azl3 kernel 6.6.112.1-2 on Azure Linux 3.0
azl3 kernel 6.6.117.1-1 on Azure Linux 3.0
azl3 kernel 6.6.119.3-1 on Azure Linux 3.0
azl3 kernel 6.6.119.3-3 on Azure Linux 3.0
azl3 kernel 6.6.121.1-1 on Azure Linux 3.0
azl3 kernel 6.6.126.1-1 on Azure Linux 3.0
azl3 kernel 6.6.126.1-1 on Azure Linux 3.0
azl3 kernel 6.6.130.1-3 on Azure Linux 3.0
azl3 nasm 2.16.01-2 on Azure Linux 3.0
azl3 kernel 6.6.134.1-2 on Azure Linux 3.0
azl3 kernel 6.6.137.1-2 on Azure Linux 3.0
azl3 kernel 6.6.138.1-1 on Azure Linux 3.0
azl3 kernel 6.6.138.1-1 on Azure Linux 3.0
azl3 kernel 6.6.139.1-1 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Heap-based Buffer Overflow in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2023-0051
18007-16820
18010-16823
18007-16820
18010-16823
Important
18007-16820
Important
18010-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18007-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18010-16823
CBL-Mariner Releases
18007-16820
No
Security Update
9.0.1189-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18007-16820
CBL-Mariner Releases
CBL-Mariner Releases
18010-16823
No
Security Update
9.0.1145-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18010-16823
CBL-Mariner Releases
1.0
2023-01-12T00:00:00
<p>Information published.</p>
Heap-based Buffer Overflow in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2023-0288
18007-16820
18008-16823
18007-16820
18008-16823
Important
18007-16820
Important
18008-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18007-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18008-16823
CBL-Mariner Releases
18007-16820
18008-16823
No
Security Update
9.0.1189-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18007-16820
18008-16823
CBL-Mariner Releases
1.0
2023-01-20T00:00:00
<p>Information published.</p>
Divide By Zero in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2023-0512
17990-16820
17991-16823
17990-16820
17991-16823
Important
17990-16820
Important
17991-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
17990-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
17991-16823
CBL-Mariner Releases
17990-16820
17991-16823
No
Security Update
9.0.1247-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17990-16820
17991-16823
CBL-Mariner Releases
1.0
2023-02-07T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21876
17950-16820
17958-16823
17950-16820
17958-16823
Moderate
17950-16820
Moderate
17958-16823
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17950-16820
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-25T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21877
17950-16820
17958-16823
17950-16820
17958-16823
Moderate
17950-16820
Moderate
17958-16823
5.5
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
17950-16820
5.5
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-25T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21879
17950-16820
17958-16823
17950-16820
17958-16823
Moderate
17950-16820
Moderate
17958-16823
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17950-16820
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-25T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21881
17950-16820
17958-16823
17950-16820
17958-16823
Moderate
17950-16820
Moderate
17958-16823
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17950-16820
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-26T00:00:00
<p>Information published.</p>
Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-22466
Improper Initialization
18815-17084
18469-17084
19671-17084
17941-16820
17944-16823
18011-16823
18012-16823
18013-16823
19706-17084
19864-17084
19693-17084
19686-17084
18815-17084
18469-17084
19671-17084
17941-16820
17944-16823
18011-16823
18012-16823
18013-16823
19706-17084
19864-17084
19693-17084
19686-17084
Moderate
18815-17084
Moderate
18469-17084
Moderate
19671-17084
Moderate
17941-16820
Moderate
17944-16823
Moderate
18011-16823
Moderate
18012-16823
Moderate
18013-16823
Moderate
19706-17084
Moderate
19864-17084
Moderate
19693-17084
Moderate
19686-17084
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
18815-17084
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
18469-17084
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19671-17084
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
17941-16820
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
17944-16823
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
18011-16823
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
18012-16823
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
18013-16823
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
19706-17084
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
19864-17084
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
19693-17084
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
19686-17084
CBL-Mariner Releases
18815-17084
No
Security Update
2024.4-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18815-17084
CBL-Mariner Releases
CBL-Mariner Releases
17941-16820
No
Security Update
1.59.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17941-16820
CBL-Mariner Releases
CBL-Mariner Releases
17944-16823
No
Security Update
1.68.2-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17944-16823
CBL-Mariner Releases
CBL-Mariner Releases
18011-16823
No
Security Update
2022.1-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18011-16823
CBL-Mariner Releases
CBL-Mariner Releases
18012-16823
No
Security Update
1.0.3-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18012-16823
CBL-Mariner Releases
CBL-Mariner Releases
18013-16823
No
Security Update
3.1.0-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18013-16823
CBL-Mariner Releases
CBL-Mariner Releases
19706-17084
No
Security Update
3.2.0.azl0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19706-17084
CBL-Mariner Releases
CBL-Mariner Releases
19864-17084
No
Security Update
1.10.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19864-17084
CBL-Mariner Releases
1.2
2026-02-19T01:06:42
<p>Information published.</p>
1.0
2023-01-12T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
libgit2 fails to verify SSH keys by default
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-22742
Improper Verification of Cryptographic Signature
19671-17084
19686-17084
17941-16820
17269-16823
17998-16823
19671-17084
19686-17084
17941-16820
17269-16823
17998-16823
Moderate
19671-17084
Moderate
19686-17084
Moderate
17941-16820
Moderate
17269-16823
Moderate
17998-16823
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
19671-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
19686-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17941-16820
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17269-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17998-16823
CBL-Mariner Releases
17941-16820
No
Security Update
1.59.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17941-16820
CBL-Mariner Releases
CBL-Mariner Releases
17269-16823
No
Security Update
1.68.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17269-16823
CBL-Mariner Releases
CBL-Mariner Releases
17998-16823
No
Security Update
1.4.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17998-16823
CBL-Mariner Releases
1.0
2024-07-12T00:00:00
<p>Information published.</p>
1.1
2026-02-21T03:47:57
<p>Information published.</p>
In pkgconf through 1.9.3 variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example a .pc file containing a few hundred bytes can expand to one billion bytes.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-24056
18407-16823
18407-16823
Moderate
18407-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18407-16823
CBL-Mariner Releases
18407-16823
No
Security Update
1.8.0-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18407-16823
CBL-Mariner Releases
1.0
2023-01-30T00:00:00
<p>Information published.</p>
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21830
16968-16820
16968-16820
Moderate
16968-16820
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
16968-16820
CBL-Mariner Releases
16968-16820
No
Security Update
1.8.0.332-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16968-16820
CBL-Mariner Releases
1.0
2025-10-01T23:11:28
<p>Information published.</p>
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-4543
Exposure of Sensitive Information to an Unauthorized Actor
20613-17084
20725-17084
20860-17084
20957-17084
21248-17084
21308-17084
21332-17084
17936-16820
18490-16823
19683-17084
20412-17084
20556-17084
20553-17084
20788-17084
20823-17084
20956-17084
21094-17084
21331-17084
21344-17084
20613-17084
20725-17084
20860-17084
20957-17084
21248-17084
21308-17084
21332-17084
17936-16820
18490-16823
19683-17084
20412-17084
20556-17084
20553-17084
20788-17084
20823-17084
20956-17084
21094-17084
21331-17084
21344-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20860-17084
Moderate
20957-17084
Moderate
21248-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
17936-16820
Moderate
18490-16823
19683-17084
Moderate
20412-17084
Moderate
20556-17084
Moderate
20553-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21331-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20957-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
17936-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18490-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20556-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
21331-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
21344-17084
CBL-Mariner Releases
17936-16820
No
Security Update
5.10.189.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17936-16820
CBL-Mariner Releases
CBL-Mariner Releases
18490-16823
No
Security Update
5.15.182.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18490-16823
CBL-Mariner Releases
1.0
2025-09-03T20:19:21
<p>Information published.</p>
2.0
2025-12-07T01:35:17
<p>Information published.</p>
4.0
2026-01-20T14:35:24
<p>Information published.</p>
6.0
2026-03-04T14:35:17
<p>Information published.</p>
7.0
2026-03-05T01:35:59
<p>Information published.</p>
9.0
2026-04-29T14:38:18
<p>Information published.</p>
11.0
2026-05-11T01:38:02
<p>Information published.</p>
12.0
2026-05-11T14:37:59
<p>Information published.</p>
3.0
2026-01-08T14:35:09
<p>Information published.</p>
5.0
2026-02-19T01:10:41
<p>Information published.</p>
8.0
2026-03-31T14:37:11
<p>Information published.</p>
10.0
2026-05-06T14:37:31
<p>Information published.</p>
13.0
2026-05-17T14:38:35
<p>Information published.</p>
Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
apache
Yes
CVE-2022-24963
Integer Overflow or Wraparound
18847-17084
18090-17084
18847-17084
18090-17084
Critical
18847-17084
Critical
18090-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18847-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18090-17084
CBL-Mariner Releases
18847-17084
No
Security Update
1.7.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18847-17084
CBL-Mariner Releases
1.0
2025-09-03T23:35:51
<p>Information published.</p>
1.1
2026-02-18T14:58:11
<p>Information published.</p>
Speculative execution attacks in KVM VMX
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2022-2196
Initialization of a Resource with an Insecure Default
17935-16820
17930-16823
17935-16820
17930-16823
Important
17935-16820
Important
17930-16823
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
17935-16820
8.8
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
17930-16823
CBL-Mariner Releases
17935-16820
No
Security Update
5.10.172.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17935-16820
CBL-Mariner Releases
CBL-Mariner Releases
17930-16823
No
Security Update
5.15.102.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17930-16823
CBL-Mariner Releases
1.0
2023-01-14T00:00:00
<p>Information published.</p>
1.1
2023-03-20T00:00:00
<p>Information published.</p>
Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
apache
Yes
CVE-2022-25147
Integer Overflow or Wraparound
18459-16820
18460-16823
18459-16820
18460-16823
Moderate
18459-16820
Moderate
18460-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
18459-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
18460-16823
CBL-Mariner Releases
18459-16820
18460-16823
No
Security Update
1.6.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18459-16820
18460-16823
CBL-Mariner Releases
1.0
2023-02-06T00:00:00
<p>Information published.</p>
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server when that server reads the cache policy from the request using this library.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
snyk
Yes
CVE-2022-25881
Inefficient Regular Expression Complexity
17867-16823
19712-17086
19693-17084
17867-16823
19712-17086
19693-17084
Important
17867-16823
Important
19712-17086
Important
19693-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17867-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19712-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19693-17084
CBL-Mariner Releases
17867-16823
No
Security Update
16.20.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17867-16823
CBL-Mariner Releases
1.2
2026-02-18T02:42:48
<p>Information published.</p>
1.0
2023-02-02T00:00:00
<p>Information published.</p>
1.1
2023-08-03T00:00:00
<p>Information published.</p>
Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
apache
Yes
CVE-2022-28331
Integer Overflow or Wraparound
1.0
2023-07-03T00:00:00
<p>Information published.</p>
An UPDATE message flood may cause named to exhaust all available memory
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
isc
Yes
CVE-2022-3094
Use After Free
18456-16820
18457-16823
18456-16820
18457-16823
Important
18456-16820
Important
18457-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18456-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18457-16823
CBL-Mariner Releases
18456-16820
No
Security Update
9.16.37-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18456-16820
CBL-Mariner Releases
CBL-Mariner Releases
18457-16823
No
Security Update
9.16.37-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18457-16823
CBL-Mariner Releases
1.0
2023-02-04T00:00:00
<p>Information published.</p>
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application possibly resulting in a denial of service (DoS) attack.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-3437
Heap-based Buffer Overflow
16864-17084
16864-17084
Moderate
16864-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
16864-17084
CBL-Mariner Releases
16864-17084
No
Security Update
4.18.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16864-17084
CBL-Mariner Releases
1.0
2024-10-15T00:00:00
<p>Information published.</p>
Integer overflow in certain command arguments can drive Redis to OOM panic
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2022-35977
Integer Overflow or Wraparound
18001-16820
18002-16823
18001-16820
18002-16823
Moderate
18001-16820
Moderate
18002-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18001-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18002-16823
CBL-Mariner Releases
18001-16820
No
Security Update
6.2.7-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18001-16820
CBL-Mariner Releases
CBL-Mariner Releases
18002-16823
No
Security Update
6.2.9-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18002-16823
CBL-Mariner Releases
1.0
2023-01-30T00:00:00
<p>Information published.</p>
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump and dump privileged information.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-3650
Placement of User into Incorrect Group
16939-17084
19856-17084
19814-17086
16939-17084
19856-17084
19814-17086
Important
16939-17084
Important
19856-17084
Important
19814-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16939-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19856-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19814-17086
CBL-Mariner Releases
16939-17084
19856-17084
No
Security Update
18.2.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16939-17084
19856-17084
CBL-Mariner Releases
CBL-Mariner Releases
19814-17086
No
Security Update
16.2.10-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19814-17086
CBL-Mariner Releases
1.2
2024-12-03T00:00:00
<p>Added ceph to CBL-Mariner 2.0
Added ceph to Azure Linux 3.0</p>
1.0
2024-04-08T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
1.3
2026-02-18T02:44:53
<p>Information published.</p>
Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
apache
Yes
CVE-2022-37436
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
18470-16820
18471-16823
17683-17084
18470-16820
18471-16823
17683-17084
Moderate
18470-16820
Moderate
18471-16823
Moderate
17683-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18470-16820
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
18471-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
17683-17084
CBL-Mariner Releases
18470-16820
18471-16823
No
Security Update
2.4.55-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18470-16820
18471-16823
CBL-Mariner Releases
CBL-Mariner Releases
17683-17084
No
Security Update
2.0.29-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17683-17084
CBL-Mariner Releases
1.1
2025-05-15T00:00:00
<p>Added mod_http2 to Azure Linux 3.0
Added httpd to CBL-Mariner 1.0
Added httpd to CBL-Mariner 2.0</p>
1.0
2023-02-02T00:00:00
<p>Information published.</p>
named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
isc
Yes
CVE-2022-3924
Reachable Assertion
18456-16820
18457-16823
18456-16820
18457-16823
Important
18456-16820
Important
18457-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18456-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18457-16823
CBL-Mariner Releases
18456-16820
No
Security Update
9.16.37-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18456-16820
CBL-Mariner Releases
CBL-Mariner Releases
18457-16823
No
Security Update
9.16.37-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18457-16823
CBL-Mariner Releases
1.0
2023-02-07T00:00:00
<p>Information published.</p>
In freeradius when an EAP-SIM supplicant sends an unknown SIM option the server will try to look that option up in the internal dictionaries. This lookup will fail but the SIM code will not check for that failure. Instead it will dereference a NULL pointer and cause the server to crash.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-41860
NULL Pointer Dereference
19509-16823
19509-16823
Important
19509-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19509-16823
CBL-Mariner Releases
19509-16823
No
Security Update
3.2.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19509-16823
CBL-Mariner Releases
1.0
2023-01-25T00:00:00
<p>Information published.</p>
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-41861
Improper Input Validation
19509-16823
19509-16823
Moderate
19509-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19509-16823
CBL-Mariner Releases
19509-16823
No
Security Update
3.2.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19509-16823
CBL-Mariner Releases
1.0
2023-01-25T00:00:00
<p>Information published.</p>
Git clone remote code execution vulnerability in git-for-windows
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2022-41953
Untrusted Search Path
18481-16820
18482-16823
18481-16820
18482-16823
Important
18481-16820
Important
18482-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18481-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18482-16823
CBL-Mariner Releases
18481-16820
No
Security Update
2.33.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18481-16820
CBL-Mariner Releases
CBL-Mariner Releases
18482-16823
No
Security Update
2.33.8-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18482-16823
CBL-Mariner Releases
1.0
2023-01-23T00:00:00
<p>Information published.</p>
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-4338
Out-of-bounds Read
17058-16820
17059-16823
17058-16820
17059-16823
Critical
17058-16820
Critical
17059-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17058-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17059-16823
CBL-Mariner Releases
17058-16820
No
Security Update
2.15.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17058-16820
CBL-Mariner Releases
CBL-Mariner Releases
17059-16823
No
Security Update
2.17.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17059-16823
CBL-Mariner Releases
1.0
2023-01-14T00:00:00
<p>Information published.</p>
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitLab
Yes
CVE-2022-4344
Uncontrolled Resource Consumption
18324-16823
18324-16823
Moderate
18324-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
18324-16823
CBL-Mariner Releases
18324-16823
No
Security Update
4.0.8-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18324-16823
CBL-Mariner Releases
1.0
2023-01-20T00:00:00
<p>Information published.</p>
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-4415
Exposure of Sensitive Information to an Unauthorized Actor
18486-16820
18487-16823
18488-16823
18489-17084
18547-17084
18486-16820
18487-16823
18488-16823
18489-17084
18547-17084
Moderate
18486-16820
Moderate
18487-16823
Moderate
18488-16823
Moderate
18489-17084
Moderate
18547-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18486-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18487-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18488-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18489-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
18547-17084
CBL-Mariner Releases
18486-16820
No
Security Update
239-43
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18486-16820
CBL-Mariner Releases
CBL-Mariner Releases
18487-16823
No
Security Update
250.3-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18487-16823
CBL-Mariner Releases
CBL-Mariner Releases
18488-16823
No
Security Update
250.3-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18488-16823
CBL-Mariner Releases
CBL-Mariner Releases
18489-17084
18547-17084
No
Security Update
250.3-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18489-17084
18547-17084
CBL-Mariner Releases
1.0
2023-01-17T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
1.2
2026-02-18T02:08:13
<p>Information published.</p>
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
MITRE
Yes
CVE-2022-48303
Out-of-bounds Read
20044-17086
20044-17086
Moderate
20044-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
20044-17086
CBL-Mariner Releases
20044-17086
No
Security Update
1.34-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20044-17086
CBL-Mariner Releases
1.0
2024-11-23T00:00:00
<p>Information published.</p>
1.1
2026-02-18T02:24:17
<p>Information published.</p>
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2018-25078
16983-16820
16983-16820
Important
16983-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
16983-16820
CBL-Mariner Releases
16983-16820
No
Security Update
2.8.4-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16983-16820
CBL-Mariner Releases
1.0
2025-10-01T23:11:01
<p>Information published.</p>
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-45639
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
20112-17084
19657-16823
20112-17084
19657-16823
Important
20112-17084
Important
19657-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20112-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19657-16823
CBL-Mariner Releases
20112-17084
19657-16823
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20112-17084
19657-16823
CBL-Mariner Releases
1.0
2025-09-03T21:54:36
<p>Information published.</p>
1.1
2026-02-18T02:04:06
<p>Information published.</p>
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-47021
NULL Pointer Dereference
19658-16823
19658-16823
Important
19658-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19658-16823
CBL-Mariner Releases
19658-16823
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19658-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:27
<p>Information published.</p>
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-4743
Missing Release of Memory after Effective Lifetime
1.0
2025-08-07T00:00:00
<p>Information published.</p>
Out-of-bounds Read in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2023-0049
18007-16820
18010-16823
18007-16820
18010-16823
Important
18007-16820
Important
18010-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18007-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18010-16823
CBL-Mariner Releases
18007-16820
No
Security Update
9.0.1189-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18007-16820
CBL-Mariner Releases
CBL-Mariner Releases
18010-16823
No
Security Update
9.0.1145-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18010-16823
CBL-Mariner Releases
1.0
2023-01-12T00:00:00
<p>Information published.</p>
Out-of-bounds Write in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2023-0054
18007-16820
18010-16823
18007-16820
18010-16823
Important
18007-16820
Important
18010-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18007-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
18010-16823
CBL-Mariner Releases
18007-16820
No
Security Update
9.0.1189-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18007-16820
CBL-Mariner Releases
CBL-Mariner Releases
18010-16823
No
Security Update
9.0.1145-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18010-16823
CBL-Mariner Releases
1.0
2023-01-12T00:00:00
<p>Information published.</p>
Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2023-0266
Use After Free
17992-16820
17993-16820
17994-16823
17995-16823
17992-16820
17993-16820
17994-16823
17995-16823
Important
17992-16820
Important
17993-16820
Important
17994-16823
Important
17995-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17992-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17993-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17994-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17995-16823
CBL-Mariner Releases
17992-16820
17993-16820
No
Security Update
5.10.168.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17992-16820
17993-16820
CBL-Mariner Releases
CBL-Mariner Releases
17994-16823
No
Security Update
5.15.92.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17994-16823
CBL-Mariner Releases
CBL-Mariner Releases
17995-16823
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17995-16823
CBL-Mariner Releases
1.0
2023-02-03T00:00:00
<p>Information published.</p>
1.1
2023-02-07T00:00:00
<p>Added kernel to CBL-Mariner 2.0</p>
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-0394
NULL Pointer Dereference
17997-16820
17994-16823
17995-16823
17997-16820
17994-16823
17995-16823
Moderate
17997-16820
Moderate
17994-16823
Moderate
17995-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17997-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17994-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17995-16823
CBL-Mariner Releases
17997-16820
No
Security Update
5.10.167.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17997-16820
CBL-Mariner Releases
CBL-Mariner Releases
17994-16823
No
Security Update
5.15.92.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17994-16823
CBL-Mariner Releases
CBL-Mariner Releases
17995-16823
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17995-16823
CBL-Mariner Releases
1.0
2023-02-02T00:00:00
<p>Information published.</p>
Heap-based Buffer Overflow in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
@huntrdev
Yes
CVE-2023-0433
17990-16820
17991-16823
17990-16820
17991-16823
Important
17990-16820
Important
17991-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
17990-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
17991-16823
CBL-Mariner Releases
17990-16820
17991-16823
No
Security Update
9.0.1247-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17990-16820
17991-16823
CBL-Mariner Releases
1.0
2023-01-30T00:00:00
<p>Information published.</p>
1.1
2023-01-31T00:00:00
<p>Added vim to CBL-Mariner 1.0</p>
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-0468
Use After Free
17936-16820
17994-16823
17936-16820
17994-16823
Moderate
17936-16820
Moderate
17994-16823
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17936-16820
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17994-16823
CBL-Mariner Releases
17936-16820
No
Security Update
5.10.189.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17936-16820
CBL-Mariner Releases
CBL-Mariner Releases
17994-16823
No
Security Update
5.15.92.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17994-16823
CBL-Mariner Releases
1.0
2023-02-02T00:00:00
<p>Information published.</p>
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2023-0469
Use After Free
17823-16820
17824-16823
17823-16820
17824-16823
Moderate
17823-16820
Moderate
17824-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17823-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17824-16823
CBL-Mariner Releases
17823-16820
No
Security Update
5.10.188.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17823-16820
CBL-Mariner Releases
CBL-Mariner Releases
17824-16823
No
Security Update
5.15.122.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17824-16823
CBL-Mariner Releases
1.0
2023-02-02T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21875
17950-16820
17958-16823
17950-16820
17958-16823
Moderate
17950-16820
Moderate
17958-16823
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
17950-16820
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-25T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21878
17950-16820
17958-16823
17950-16820
17958-16823
Moderate
17950-16820
Moderate
17958-16823
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17950-16820
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-25T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21880
17950-16820
17958-16823
17950-16820
17958-16823
Moderate
17950-16820
Moderate
17958-16823
5.5
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
17950-16820
5.5
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-26T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21882
17950-16820
17958-16823
17950-16820
17958-16823
Low
17950-16820
Low
17958-16823
2.7
2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
17950-16820
2.7
2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-26T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21883
17950-16820
17958-16823
17950-16820
17958-16823
Moderate
17950-16820
Moderate
17958-16823
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17950-16820
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-26T00:00:00
<p>Information published.</p>
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21887
17950-16820
17958-16823
17950-16820
17958-16823
Moderate
17950-16820
Moderate
17958-16823
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17950-16820
4.9
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17958-16823
CBL-Mariner Releases
17950-16820
17958-16823
No
Security Update
8.0.32-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17950-16820
17958-16823
CBL-Mariner Releases
1.0
2023-01-26T00:00:00
<p>Information published.</p>
Integer overflow in multiple Redis commands can lead to denial-of-service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-22458
Integer Overflow or Wraparound
18001-16820
18002-16823
18001-16820
18002-16823
Moderate
18001-16820
Moderate
18002-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18001-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18002-16823
CBL-Mariner Releases
18001-16820
No
Security Update
6.2.7-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18001-16820
CBL-Mariner Releases
CBL-Mariner Releases
18002-16823
No
Security Update
6.2.9-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18002-16823
CBL-Mariner Releases
1.0
2023-01-24T00:00:00
<p>Information published.</p>
Buffer Overlow in TSS2_RC_Decode in tpm2-tss
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2023-22745
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
17999-16820
18000-16823
17999-16820
18000-16823
Moderate
17999-16820
Moderate
18000-16823
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
17999-16820
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
18000-16823
CBL-Mariner Releases
17999-16820
18000-16823
No
Security Update
2.4.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17999-16820
18000-16823
CBL-Mariner Releases
1.0
2023-01-24T00:00:00
<p>Information published.</p>
The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-22895
Integer Overflow or Wraparound
18009-16820
18009-16820
Important
18009-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18009-16820
CBL-Mariner Releases
18009-16820
No
Security Update
60.9.0-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18009-16820
CBL-Mariner Releases
1.0
2023-01-17T00:00:00
<p>Information published.</p>
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-23454
Access of Resource Using Incompatible Type ('Type Confusion')
17997-16820
18005-16823
18006-16823
17997-16820
18005-16823
18006-16823
Moderate
17997-16820
Moderate
18005-16823
Moderate
18006-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17997-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18005-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18006-16823
CBL-Mariner Releases
17997-16820
No
Security Update
5.10.167.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17997-16820
CBL-Mariner Releases
CBL-Mariner Releases
18005-16823
18006-16823
No
Security Update
5.15.87.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18005-16823
18006-16823
CBL-Mariner Releases
1.0
2023-01-21T00:00:00
<p>Information published.</p>
1.1
2023-01-24T00:00:00
<p>Added hyperv-daemons to CBL-Mariner 2.0</p>
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-23455
Access of Resource Using Incompatible Type ('Type Confusion')
17997-16820
18006-16823
17997-16820
18006-16823
Moderate
17997-16820
Moderate
18006-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17997-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18006-16823
CBL-Mariner Releases
17997-16820
No
Security Update
5.10.167.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17997-16820
CBL-Mariner Releases
CBL-Mariner Releases
18006-16823
No
Security Update
5.15.87.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18006-16823
CBL-Mariner Releases
1.0
2023-01-21T00:00:00
<p>Information published.</p>
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5 there is an integer overflow in an addition.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-23559
Integer Overflow or Wraparound
17992-16820
17994-16823
17992-16820
17994-16823
Important
17992-16820
Important
17994-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17992-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17994-16823
CBL-Mariner Releases
17992-16820
No
Security Update
5.10.168.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17992-16820
CBL-Mariner Releases
CBL-Mariner Releases
17994-16823
No
Security Update
5.15.92.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17994-16823
CBL-Mariner Releases
1.0
2023-01-24T00:00:00
<p>Information published.</p>
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run on
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
oracle
Yes
CVE-2023-21843
16968-16820
16968-16820
Low
16968-16820
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
16968-16820
CBL-Mariner Releases
16968-16820
No
Security Update
1.8.0.332-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16968-16820
CBL-Mariner Releases
1.0
2025-10-01T23:11:28
<p>Information published.</p>
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2023-22809
Improper Privilege Management
18003-16820
18004-16823
18003-16820
18004-16823
Important
18003-16820
Important
18004-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18003-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18004-16823
CBL-Mariner Releases
18003-16820
18004-16823
No
Security Update
1.9.12p2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18003-16820
18004-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:30
<p>Information published.</p>
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-4139
Improper Preservation of Permissions
17992-16820
18453-16823
17992-16820
18453-16823
Important
17992-16820
Important
18453-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17992-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18453-16823
CBL-Mariner Releases
17992-16820
No
Security Update
5.10.168.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17992-16820
CBL-Mariner Releases
CBL-Mariner Releases
18453-16823
No
Security Update
5.15.92.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18453-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:24
<p>Information published.</p>
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-47015
NULL Pointer Dereference
18477-16820
18478-16823
18477-16820
18478-16823
Moderate
18477-16820
Moderate
18478-16823
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18477-16820
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18478-16823
CBL-Mariner Releases
18477-16820
No
Security Update
10.3.36-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18477-16820
CBL-Mariner Releases
CBL-Mariner Releases
18478-16823
No
Security Update
10.6.9-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18478-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:26
<p>Information published.</p>
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-4285
NULL Pointer Dereference
17988-16820
18479-16823
17988-16820
18479-16823
Moderate
17988-16820
Moderate
18479-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17988-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18479-16823
CBL-Mariner Releases
17988-16820
No
Security Update
2.36.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17988-16820
CBL-Mariner Releases
CBL-Mariner Releases
18479-16823
No
Security Update
2.37-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18479-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:25
<p>Information published.</p>
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-46456
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
19796-17084
17667-17084
19668-17086
18427-16820
18428-16823
21097-17084
19796-17084
17667-17084
19668-17086
18427-16820
18428-16823
21097-17084
Moderate
19796-17084
Moderate
17667-17084
Moderate
19668-17086
Moderate
18427-16820
Moderate
18428-16823
Moderate
21097-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
19796-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
17667-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
19668-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
18427-16820
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
18428-16823
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
21097-17084
CBL-Mariner Releases
19796-17084
21097-17084
No
Security Update
2.16.01-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19796-17084
21097-17084
CBL-Mariner Releases
CBL-Mariner Releases
18427-16820
18428-16823
No
Security Update
2.16-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18427-16820
18428-16823
CBL-Mariner Releases
1.0
2025-09-03T19:55:17
<p>Information published.</p>
2.0
2026-03-20T01:35:47
<p>Information published.</p>
1.1
2026-02-18T01:13:13
<p>Information published.</p>
3.0
2026-03-31T14:39:19
<p>Information published.</p>
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-3715
Improper Restriction of Operations within the Bounds of a Memory Buffer
18499-16820
18499-16820
Important
18499-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18499-16820
CBL-Mariner Releases
18499-16820
No
Security Update
4.4.23-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18499-16820
CBL-Mariner Releases
1.0
2025-10-01T23:11:21
<p>Information published.</p>
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory for example "../../../etc/passwd"
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
snyk
Yes
CVE-2022-25882
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
19497-16823
19497-16823
Important
19497-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
19497-16823
CBL-Mariner Releases
19497-16823
No
Security Update
2.0.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19497-16823
CBL-Mariner Releases
1.0
2023-04-03T00:00:00
<p>Information published.</p>
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application for example a malicious S/MIME attachment.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-3515
Integer Overflow or Wraparound
18483-16820
18484-16820
18485-16823
18483-16820
18484-16820
18485-16823
Critical
18483-16820
Critical
18484-16820
Critical
18485-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18483-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18484-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18485-16823
CBL-Mariner Releases
18483-16820
No
Security Update
1.3.5-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18483-16820
CBL-Mariner Releases
CBL-Mariner Releases
18484-16820
No
Security Update
2.2.20-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18484-16820
CBL-Mariner Releases
CBL-Mariner Releases
18485-16823
No
Security Update
2.4.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18485-16823
CBL-Mariner Releases
1.0
2023-01-21T00:00:00
<p>Information published.</p>
1.1
2023-03-25T00:00:00
<p>Information published.</p>
Apache HTTP Server: mod_proxy_ajp Possible request smuggling
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
apache
Yes
CVE-2022-36760
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
18470-16820
18471-16823
18470-16820
18471-16823
Critical
18470-16820
Critical
18471-16823
9.0
9.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
18470-16820
9.0
9.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
18471-16823
CBL-Mariner Releases
18470-16820
18471-16823
No
Security Update
2.4.55-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18470-16820
18471-16823
CBL-Mariner Releases
1.0
2023-01-23T00:00:00
<p>Information published.</p>
named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
isc
Yes
CVE-2022-3736
18456-16820
18457-16823
18456-16820
18457-16823
Important
18456-16820
Important
18457-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18456-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18457-16823
CBL-Mariner Releases
18456-16820
No
Security Update
9.16.37-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18456-16820
CBL-Mariner Releases
CBL-Mariner Releases
18457-16823
No
Security Update
9.16.37-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18457-16823
CBL-Mariner Releases
1.0
2023-02-04T00:00:00
<p>Information published.</p>
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-38725
Integer Overflow or Wraparound
18461-16820
18462-16823
18463-17084
18461-16820
18462-16823
18463-17084
Important
18461-16820
Important
18462-16823
Important
18463-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18461-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18462-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18463-17084
CBL-Mariner Releases
18461-16820
No
Security Update
3.23.1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18461-16820
CBL-Mariner Releases
CBL-Mariner Releases
18462-16823
No
Security Update
3.33.2-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18462-16823
CBL-Mariner Releases
CBL-Mariner Releases
18463-17084
No
Security Update
4.3.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18463-17084
CBL-Mariner Releases
1.0
2023-02-04T00:00:00
<p>Information published.</p>
Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2022-41721
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
19508-16823
19508-16823
Important
19508-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19508-16823
CBL-Mariner Releases
19508-16823
No
Security Update
0.50.2-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19508-16823
CBL-Mariner Releases
1.0
2023-01-23T00:00:00
<p>Information published.</p>
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-41858
NULL Pointer Dereference
17997-16820
18006-16823
17997-16820
18006-16823
Important
17997-16820
Important
18006-16823
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17997-16820
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
18006-16823
CBL-Mariner Releases
17997-16820
No
Security Update
5.10.167.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17997-16820
CBL-Mariner Releases
CBL-Mariner Releases
18006-16823
No
Security Update
5.15.87.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18006-16823
CBL-Mariner Releases
1.0
2023-01-24T00:00:00
<p>Information published.</p>
Integer overflow in `git archive` `git log --format` leading to RCE in git
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2022-41903
Integer Overflow or Wraparound
18481-16820
18482-16823
18481-16820
18482-16823
Critical
18481-16820
Critical
18482-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18481-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18482-16823
CBL-Mariner Releases
18481-16820
No
Security Update
2.33.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18481-16820
CBL-Mariner Releases
CBL-Mariner Releases
18482-16823
No
Security Update
2.33.8-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18482-16823
CBL-Mariner Releases
1.0
2023-01-23T00:00:00
<p>Information published.</p>
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-4337
Out-of-bounds Read
17058-16820
17059-16823
17058-16820
17059-16823
Critical
17058-16820
Critical
17059-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17058-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17059-16823
CBL-Mariner Releases
17058-16820
No
Security Update
2.15.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17058-16820
CBL-Mariner Releases
CBL-Mariner Releases
17059-16823
No
Security Update
2.17.5-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17059-16823
CBL-Mariner Releases
1.0
2023-01-14T00:00:00
<p>Information published.</p>
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-4378
Out-of-bounds Write
18494-16820
18494-16820
Important
18494-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18494-16820
CBL-Mariner Releases
18494-16820
No
Security Update
5.10.164.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18494-16820
CBL-Mariner Releases
1.0
2023-01-12T00:00:00
<p>Information published.</p>
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2022-4379
Use After Free
18480-16820
17902-16820
18005-16823
17903-16823
18480-16820
17902-16820
18005-16823
17903-16823
Important
18480-16820
Important
17902-16820
Important
18005-16823
Important
17903-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18480-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17902-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18005-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17903-16823
CBL-Mariner Releases
18480-16820
No
Security Update
5.10.174.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18480-16820
CBL-Mariner Releases
CBL-Mariner Releases
17902-16820
No
Security Update
5.10.177.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17902-16820
CBL-Mariner Releases
CBL-Mariner Releases
18005-16823
No
Security Update
5.15.87.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18005-16823
CBL-Mariner Releases
CBL-Mariner Releases
17903-16823
No
Security Update
5.15.107.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17903-16823
CBL-Mariner Releases
1.0
2023-01-23T00:00:00
<p>Information published.</p>
1.1
2023-01-14T00:00:00
<p>Information published.</p>
Cargo did not verify SSH host keys
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2022-46176
Improper Verification of Cryptographic Signature
19671-17084
19686-17084
17941-16820
18491-16823
19671-17084
19686-17084
17941-16820
18491-16823
Moderate
19671-17084
Moderate
19686-17084
Moderate
17941-16820
Moderate
18491-16823
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
19671-17084
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
19686-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
17941-16820
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
18491-16823
CBL-Mariner Releases
17941-16820
No
Security Update
1.59.0-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17941-16820
CBL-Mariner Releases
CBL-Mariner Releases
18491-16823
No
Security Update
1.68.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18491-16823
CBL-Mariner Releases
1.2
2026-02-21T03:58:33
<p>Information published.</p>
1.0
2023-01-17T00:00:00
<p>Information published.</p>
1.1
2023-04-16T00:00:00
<p>Information published.</p>
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-46457
19668-17086
18427-16820
18428-16823
17667-17084
19668-17086
18427-16820
18428-16823
17667-17084
Moderate
19668-17086
Moderate
18427-16820
Moderate
18428-16823
Moderate
17667-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19668-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18427-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18428-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
17667-17084
CBL-Mariner Releases
18427-16820
18428-16823
No
Security Update
2.16-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18427-16820
18428-16823
CBL-Mariner Releases
1.2
2026-02-18T03:09:19
<p>Information published.</p>
1.0
2023-01-12T00:00:00
<p>Information published.</p>
1.1
2023-06-03T00:00:00
<p>Information published.</p>
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag which signals that the operation won't use current->nsproxy so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Google
Yes
CVE-2022-4696
Use After Free
17863-16820
17863-16820
Important
17863-16820
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17863-16820
CBL-Mariner Releases
17863-16820
No
Security Update
5.10.181.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17863-16820
CBL-Mariner Releases
1.0
2023-05-13T00:00:00
<p>Information published.</p>
1.1
2023-06-13T00:00:00
<p>Information published.</p>
In the Linux kernel before 6.1.6 a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-47929
NULL Pointer Dereference
17997-16820
17995-16823
17994-16823
17997-16820
17995-16823
17994-16823
Moderate
17997-16820
Moderate
17995-16823
Moderate
17994-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17997-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17995-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17994-16823
CBL-Mariner Releases
17997-16820
No
Security Update
5.10.167.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17997-16820
CBL-Mariner Releases
CBL-Mariner Releases
17995-16823
No
Security Update
-
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17995-16823
CBL-Mariner Releases
CBL-Mariner Releases
17994-16823
No
Security Update
5.15.92.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17994-16823
CBL-Mariner Releases
1.0
2023-01-24T00:00:00
<p>Information published.</p>
1.1
2023-01-30T00:00:00
<p>Added hyperv-daemons to CBL-Mariner 2.0</p>
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g. "WRITE of size 307203") via a crafted TIFF image.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-48281
Out-of-bounds Write
18474-16820
18475-16823
18474-16820
18475-16823
Moderate
18474-16820
Moderate
18475-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18474-16820
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
18475-16823
CBL-Mariner Releases
18474-16820
18475-16823
No
Security Update
4.4.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18474-16820
18475-16823
CBL-Mariner Releases
1.0
2023-01-31T00:00:00
<p>Information published.</p>
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2022-48285
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
20041-17084
19034-17084
17848-16820
18469-17084
20041-17084
19034-17084
17848-16820
18469-17084
Important
20041-17084
Important
19034-17084
Important
17848-16820
Important
18469-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
20041-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19034-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17848-16820
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
18469-17084
CBL-Mariner Releases
17848-16820
No
Security Update
60.9.0-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17848-16820
CBL-Mariner Releases
CBL-Mariner Releases
18469-17084
No
Security Update
102.15.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18469-17084
CBL-Mariner Releases
1.0
2023-02-02T00:00:00
<p>Information published.</p>
1.1
2024-06-30T07:00:00
<p>Information published.</p>
1.2
2026-02-19T01:17:16
<p>Information published.</p>
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm
12667-12139
12668-12139
12669-12139
12673-12139
12670-12140
12671-12140
12672-12140
19809-17086
19662-17086
17459-17084
17093-17086
17238-17086
12667-12139
12668-12139
12669-12139
12673-12139
12670-12140
12671-12140
12672-12140
19809-17086
19662-17086
17459-17084
17093-17086
17238-17086
12667-12139
12668-12139
12669-12139
12673-12139
12670-12140
12671-12140
12672-12140
19809-17086
19662-17086
Moderate
17459-17084
Moderate
17093-17086
Moderate
17238-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12667-12139
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12668-12139
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12669-12139
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12673-12139
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12670-12140
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12671-12140
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
12672-12140
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
19809-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
19662-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17459-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17093-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
17238-17086
CBL-Mariner Releases
12667-12139
12668-12139
12669-12139
12670-12140
12671-12140
12672-12140
No
Security Update
2.0.9-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
12667-12139
12668-12139
12669-12139
12670-12140
12671-12140
12672-12140
CBL-Mariner Releases
CBL-Mariner Releases
12673-12139
19809-17086
17238-17086
No
Security Update
1.0.1-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
12673-12139
19809-17086
17238-17086
CBL-Mariner Releases
1.0
2023-01-23T00:00:00
<p>Information published.</p>
1.1
2024-11-28T00:00:00
<p>Added hvloader to CBL-Mariner 2.0
Added fluent-bit to CBL-Mariner 2.0</p>
2.0
2026-02-19T01:23:18
<p>Information published.</p>
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2018-14628
Missing Authorization
16863-16823
16863-16823
Moderate
16863-16823
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
16863-16823
CBL-Mariner Releases
16863-16823
No
Security Update
4.12.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16863-16823
CBL-Mariner Releases
1.0
2025-10-01T23:11:01
<p>Information published.</p>
Windows Cryptographic Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets.</p>
Windows Cryptographic Services
Microsoft
Yes
CVE-2023-21540
Improper Input Validation
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
Microsoft Offensive Research and Security Engineering (MORSE)
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows GDI Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Graphics Component
Microsoft
Yes
CVE-2023-21552
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11568
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11569
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11570
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11571
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11572
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11923
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11924
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11801
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11802
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11926
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11927
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11929
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11930
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
11931
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12085
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12086
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12097
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12098
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
12099
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10729
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10735
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10852
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10853
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10816
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10855
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10047
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10048
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10481
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10482
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10484
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9312
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10287
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9318
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9344
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10051
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10049
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10378
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10379
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10483
7.8
7.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://twitter.com/uuulucky">luckyu</a> with <a href="https://www.nsfocus.com.cn/">NSFOCUS TIANYUAN LAB</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
Windows Point-to-Point Tunneling Protocol
Microsoft
Yes
CVE-2023-21712
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
11568
11569
11570
11571
11572
11896
11897
11898
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11896
Remote Code Execution
11897
Remote Code Execution
11898
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11896
Critical
11897
Critical
11898
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10481
Critical
10482
Critical
10484
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11896
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11897
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11898
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5019966
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019966
5018419
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3650
5019966
https://support.microsoft.com/help/5019966
11568
11569
11570
11571
11572
5019959
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959
5018410
11896
11897
11898
Yes
Security Update
10.0.19043.2251
5019959
https://support.microsoft.com/help/5019959
11896
11897
11898
11801
11802
11929
11930
11931
5019081
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019081
5018421
11923
11924
Yes
Security Update
10.0.20348.1249
5019080
11923
11924
Yes
Security Hotpatch Update
10.0.20348.1251
5019959
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959
5018410
11801
11802
Yes
Security Update
10.0.19042.2251
5019961
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019961
5018418
11926
11927
Yes
Security Update
10.0.22000.1219
5019959
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019959
5018410
11929
11930
11931
Yes
Security Update
10.0.19044.2251
5019980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019980
5018427
12085
12086
Yes
Security Update
10.0.22621.819
5019980
https://support.microsoft.com/help/5019980
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022282
https://support.microsoft.com/help/5022282
12097
12098
12099
5019970
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019970
10729
10735
Security Update
10.0.10240.19562
5019970
https://support.microsoft.com/help/5019970
10729
10735
5019964
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5019964
5018411
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5501
5020023
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020023
5018474
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20671
5020023
https://support.microsoft.com/help/5020023
10481
10482
10483
10543
5020010
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020010
10481
10482
10483
10543
Yes
Security Only
6.3.9600.20670
5020010
https://support.microsoft.com/help/5020010
10481
10482
10484
10483
10543
5020010
10484
Yes
Security Only
6.3.9600.20670
5020009
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020009
5018457
10378
10379
Yes
Monthly Rollup
6.2.9200.23968
5020009
https://support.microsoft.com/help/5020009
10378
10379
5020003
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5020003
10378
10379
Yes
Security Only
6.2.9200.23968
5020003
https://support.microsoft.com/help/5020003
10378
10379
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-01-26T08:00:00
<p>Information published. This CVE was addressed by updates that were released in November 2022, but the CVE was inadvertently omitted from the November 2022 Security Updates. This is an informational change only. Customers who have already installed the November 2022 updates do not need to take any further action.</p>
1.1
2023-01-27T08:00:00
<p>Fixed some incorrect KB numbers. This is an information change only.</p>
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could impersonate the group Managed Service Account (gMSA) to perform actions or access resources over the network.</p>
Windows Local Security Authority (LSA)
Microsoft
Yes
CVE-2023-21524
Use of Hard-coded Credentials
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Andrey Shaporev with <a href="https://www.netwrix.com/">Netwrix</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
1.1
2023-01-23T08:00:00
<p>Corrected security updates table. This is an informational change only.</p>
2.0
2023-01-23T08:00:00
<p>Revised the Security Updates table to include Windows 8.1 for 32-bit systems because it is affected by CVE-2023-21524 and removed Windows 7 for 32-bit Systems Service Pack 1 as it is not affected. Microsoft recommends that customers running Windows 8.1 for 32-bit systems should install security update 5022338 to be protected from this vulnerability.</p>
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Secure Socket Tunneling Protocol (SSTP)
Microsoft
Yes
CVE-2023-21535
Sensitive Data Storage in Improperly Locked Memory
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10481
10482
10484
9312
10287
9318
9344
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Azure Service Fabric Container Elevation of Privilege Vulnerability
<p><strong>Which Azure service(s) does this affect?</strong></p>
<p>This vulnerability affects Azure Service Fabric clusters and standalone Service Fabric clusters orchestrated by Docker. Only users who implement the Docker app containers can be affected.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster. This vulnerability does not allow the attacker to elevate privileges outside of the compromised cluster.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to first compromise the Service Fabric container and for the targeted environment to be architected in a unique manner.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
<p><strong>How do I protect myself from this vulnerability?</strong></p>
<p>To be protected from this vulnerability customers must perform the following actions:</p>
<ol>
<li><p>Manually upgrade your Service Fabric Cluster runtime to the latest version(s) provided in <strong>8.2 CU8, 9.0 CU5, or 9.1 CU1 as appropriate</strong>. Guidance on how to perform an update can be found here: <a href="https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server">Upgrade the Service Fabric version that runs on your cluster</a>.</p>
</li>
<li><p>Manually enable and configure the <a href="https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-fabric-settings#setup">BlockAccessToWireServer</a> feature flag on your Service Fabric Clusters.</p>
</li>
</ol>
<p><strong>NOTE:</strong> This feature restricts connectivity to the internal Azure platform resource (168.63.129.16). Customers are highly encouraged to review their cluster endpoints and ensure they are not making any calls or requests to 168.63.129.16 prior to enabling this feature to prevent service interruptions.</p>
<p><strong>What Service Fabric versions are protected against this vulnerability?</strong></p>
<p>The Service Fabric versions listed below provide customers the ability to enable the <a href="https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-fabric-settings#setup"><strong>BlockAccessToWireServer</strong></a> feature flag which will protect against this vulnerability. Customers without auto-update enabled must update their Service Fabric resources as appropriate.</p>
<table>
<thead>
<tr>
<th>Product</th>
<th>Platform</th>
<th>Version</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Azure Service Fabric 8.2 CU8</strong></td>
<td>Windows</td>
<td>8.2.1723.9590</td>
</tr>
<tr>
<td><strong>Azure Service Fabric 8.2 CU8</strong></td>
<td>Ubuntu 18</td>
<td>8.2.1521.1</td>
</tr>
<tr>
<td><strong>Azure Service Fabric 9.0 CU5</strong></td>
<td>Ubuntu 18</td>
<td>9.0.1148.1</td>
</tr>
<tr>
<td><strong>Azure Service Fabric 9.0 CU5</strong></td>
<td>Ubuntu 20</td>
<td>9.0.1148.1</td>
</tr>
<tr>
<td><strong>Azure Service Fabric 9.0 CU5</strong></td>
<td>Windows</td>
<td>9.0.1155.9590</td>
</tr>
<tr>
<td><strong>Azure Service Fabric 9.1 CU1</strong></td>
<td>Ubuntu 18</td>
<td>9.1.1230.1</td>
</tr>
<tr>
<td><strong>Azure Service Fabric 9.1 CU1</strong></td>
<td>Ubuntu 20</td>
<td>9.1.1230.1</td>
</tr>
<tr>
<td><strong>Azure Service Fabric 9.1 CU1</strong></td>
<td>Windows</td>
<td>9.1.1436.9590</td>
</tr>
</tbody>
</table>
Azure Service Fabric Container
Microsoft
Yes
CVE-2023-21531
Improper Access Control
12124
12125
12126
Elevation of Privilege
12124
Elevation of Privilege
12125
Elevation of Privilege
12126
Important
12124
Important
12125
Important
12126
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12124
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12125
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12126
Release Notes
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server
12124
Maybe
Security Update
8.2 CU8
Release Notes
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server
12125
Maybe
Security Update
9.0 CU5
Release Notes
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server
12126
Maybe
Security Update
9.1 CU1
David Fiser of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> (Project Nebula)
Juho Nokela with M-Files </a>
1.1
2023-07-21T07:00:00
<p>Updated FAQ information. This is an informational change only.</p>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
.NET Denial of Service Vulnerability
.NET Core
Microsoft
Yes
CVE-2023-21538
Deserialization of Untrusted Data
12009
11970
Denial of Service
12009
Denial of Service
11970
Important
12009
Important
11970
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12009
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11970
5022546
https://dotnet.microsoft.com/download/dotnet/6.0
12009
Maybe
Security Update
6.0.13
Release Notes
https://github.com/PowerShell/Announcements/issues/36
11970
Maybe
Security Update
7.2.9
<a href="https://www.linkedin.com/in/jgorter/">Johan Gorter</a> with <a href="https://www.afas.nl/">AFAS Software</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-01-25T08:00:00
<p>Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/36">https://github.com/PowerShell/Announcements/issues/36</a> for more information.</p>
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
Windows Layer 2 Tunneling Protocol
Microsoft
Yes
CVE-2023-21546
Sensitive Data Storage in Improperly Locked Memory
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Windows Internet Key Exchange (IKE) Protocol
Microsoft
Yes
CVE-2023-21547
NULL Pointer Dereference
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
insu of 78ResearchLab working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
1.1
2023-01-13T08:00:00
<p>Added acknowledgements. This is an informational change only.</p>
Windows Authentication Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.</p>
Windows Authentication Methods
Microsoft
Yes
CVE-2023-21539
Out-of-bounds Read
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
Alexander Clouter with <a href="https://coremem.com/">coreMem Limited</a> and Alan DeKok with <a href="https://networkradius.com/">NetworkRADIUS</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Task Scheduler Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Task Scheduler
Microsoft
Yes
CVE-2023-21541
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://twitter.com/0x00c651e0">Ben Lincoln</a> with <a href="https://bishopfox.com/">Bishop Fox</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Installer Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Installer
Microsoft
Yes
CVE-2023-21542
Improper Link Resolution Before File Access ('Link Following')
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
QueryX Team of Theori working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
Windows Layer 2 Tunneling Protocol
Microsoft
Yes
CVE-2023-21543
Uncontrolled Resource Consumption
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://twitter.com/b2ahex">RyeLv (@b2ahex)</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would need to send a specially crafted malicious SSTP packet to a SSTP server. This could result in remote code execution on the server side.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Secure Socket Tunneling Protocol (SSTP)
Microsoft
Yes
CVE-2023-21548
Sensitive Data Storage in Improperly Locked Memory
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows SMB Witness Service Elevation of Privilege Vulnerability
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only.</p>
Windows SMB
Microsoft
Yes
CVE-2023-21549
Improper Authorization
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://twitter.com/kupsul">Stiv Kupchik</a> and <a href=" https://twitter.com/OphirHarpaz">Ophir Harpaz</a> with Akamai
1.0
2023-01-10T08:00:00
<p>Information published.</p>
1.1
2023-01-17T08:00:00
<p>Updated CVE Tag. This is an informational change only.</p>
2.0
2023-01-23T08:00:00
<p>Revised the Security Updates table to include Windows 8.1 for 32-bit systems because it is affected by CVE-2023-21524 and removed Windows 7 for 32-bit Systems Service Pack 1 as it is not affected. Microsoft recommends that customers running Windows 8.1 for 32-bit systems should install security update 5022338 to be protected from this vulnerability.</p>
Windows Cryptographic Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets.</p>
Windows Cryptographic Services
Microsoft
Yes
CVE-2023-21550
Improper Input Validation
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
Microsoft Offensive Research and Security Engineering (MORSE)
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cryptographic Services
Microsoft
Yes
CVE-2023-21551
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
Microsoft Offensive Research and Security Engineering (MORSE)
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Layer 2 Tunneling Protocol
Microsoft
Yes
CVE-2023-21555
Time-of-check Time-of-use (TOCTOU) Race Condition
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Layer 2 Tunneling Protocol
Microsoft
Yes
CVE-2023-21556
Integer Underflow (Wrap or Wraparound)
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in bypassing a buffer length check which could be leveraged to achieve information leak.</p>
Windows LDAP - Lightweight Directory Access Protocol
Microsoft
Yes
CVE-2023-21557
Integer Overflow or Wraparound
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10047
Denial of Service
10048
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10047
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10048
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Microsoft Offensive Research and Security Engineering (MORSE)
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Error Reporting Service Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p>
Windows Error Reporting
Microsoft
Yes
CVE-2023-21558
Improper Input Validation
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Anonymous
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Cryptographic Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets.</p>
Windows Cryptographic Services
Microsoft
Yes
CVE-2023-21559
Improper Input Validation
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
<a href="https://www.cse-cst.gc.ca/">Communications Security Establishment, CSE</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Boot Manager Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p>
Windows Boot Manager
Microsoft
Yes
CVE-2023-21560
Heap-based Buffer Overflow
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11570
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11801
Security Feature Bypass
11802
Security Feature Bypass
11926
Security Feature Bypass
11927
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
10047
Security Feature Bypass
10048
Security Feature Bypass
10481
Security Feature Bypass
10482
Security Feature Bypass
10484
Security Feature Bypass
9312
Security Feature Bypass
10287
Security Feature Bypass
9318
Security Feature Bypass
9344
Security Feature Bypass
10051
Security Feature Bypass
10049
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
6.6
5.8
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Zammis Clark
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cryptographic Services
Microsoft
Yes
CVE-2023-21561
Integer Overflow or Wraparound
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Unlikely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Microsoft Offensive Research and Security Engineering (MORSE)
1.0
2023-01-10T08:00:00
<p>Information published.</p>
1.1
2023-01-17T08:00:00
<p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p>
BitLocker Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p>
Windows BitLocker
Microsoft
Yes
CVE-2023-21563
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11570
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11801
Security Feature Bypass
11802
Security Feature Bypass
11926
Security Feature Bypass
11927
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
10047
Security Feature Bypass
10048
Security Feature Bypass
10481
Security Feature Bypass
10482
Security Feature Bypass
10484
Security Feature Bypass
9312
Security Feature Bypass
10287
Security Feature Bypass
9318
Security Feature Bypass
9344
Security Feature Bypass
10051
Security Feature Bypass
10049
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
6.8
5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Zammis Clark
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser sandbox escape.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows ALPC
Microsoft
Yes
CVE-2023-21674
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10481
10482
10484
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11570
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11801
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11802
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11926
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11927
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10481
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10482
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10484
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
8.8
8.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
Jan Vojtěšek, Milánek, and Przemek Gmerek with Avast
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>This vulnerability could be exploited over the network by an authenticated attacker through a low complexity attack on a server configured as the domain controller.</p>
Windows LDAP - Lightweight Directory Access Protocol
Microsoft
Yes
CVE-2023-21676
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
Microsoft Offensive Research and Security Engineering (MORSE)
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows IKE Extension
Microsoft
Yes
CVE-2023-21677
Untrusted Pointer Dereference
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Print Spooler Components
Microsoft
Yes
CVE-2023-21678
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
National Security Agency
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Layer 2 Tunneling Protocol
Microsoft
Yes
CVE-2023-21679
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Win32k Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Graphics Component
Microsoft
Yes
CVE-2023-21680
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p>
Microsoft WDAC OLE DB provider for SQL
Microsoft
Yes
CVE-2023-21681
Integer Underflow (Wrap or Wraparound)
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Anonymous
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.</p>
Windows Point-to-Point Tunneling Protocol
Microsoft
Yes
CVE-2023-21682
Out-of-bounds Read
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10047
Information Disclosure
10048
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11568
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11569
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11570
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11571
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11572
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11923
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11924
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11801
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11802
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11926
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11927
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11929
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11930
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11931
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12085
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12086
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12097
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12098
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12099
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10729
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10735
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10852
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10853
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10816
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10855
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10047
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10048
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10481
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10482
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10484
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9312
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10287
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9318
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9344
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10051
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10049
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10378
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10379
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10483
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows IKE Extension
Microsoft
Yes
CVE-2023-21683
NULL Pointer Dereference
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10481
10482
10484
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Kap0k
1.0
2023-01-10T08:00:00
<p>Information published.</p>
1.1
2023-01-12T08:00:00
<p>Added acknowledgements. This is an informational change only.</p>
Microsoft DWM Core Library Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows DWM Core Library
Microsoft
Yes
CVE-2023-21724
Use After Free
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
<a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng, Li WenYue, Zhu ZhiQuan</a> with <a href="https://www.hillstonenet.com.cn/">Hillstone Network Security Research Institute</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p>
Windows Malicious Software Removal Tool
Microsoft
Yes
CVE-2023-21725
Improper Link Resolution Before File Access ('Link Following')
11737
11738
Elevation of Privilege
11737
Elevation of Privilege
11738
Important
11737
Important
11738
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;DOS:N/A
6.3
5.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11737
6.3
5.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11738
891716
https://www.microsoft.com/en-us/download/details.aspx?id=9905
11737
No
Security Update
5.109.19957.1
891716
https://www.microsoft.com/en-us/download/details.aspx?id=16
11738
No
Security Update
5.109.19957.1
<a href="https://twitter.com/filip_dragovic">Filip Dragovic</a> with Infigo IS
1.0
2023-01-10T08:00:00
<p>Information published.</p>
1.1
2023-02-06T08:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
Windows Credential Manager User Interface Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Credential Manager
Microsoft
Yes
CVE-2023-21726
Storing Passwords in a Recoverable Format
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Denis Faiustov and Ruslan Sayfiev with <a href="https://ierae.co.jp/">Ierae Security</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Netlogon Denial of Service Vulnerability
Microsoft Local Security Authority Server (lsasrv)
Microsoft
Yes
CVE-2023-21728
Uncontrolled Resource Consumption
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10047
Denial of Service
10048
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10047
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10048
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Cryptographic Services
Microsoft
Yes
CVE-2023-21730
Integer Overflow or Wraparound
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Critical
11568
Critical
11569
Critical
11570
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11801
Critical
11802
Critical
11926
Critical
11927
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Microsoft Offensive Research and Security Engineering (MORSE)
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft ODBC Driver Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p>
Windows ODBC Driver
Microsoft
Yes
CVE-2023-21732
Stack-based Buffer Overflow
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11570
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11801
Remote Code Execution
11802
Remote Code Execution
11926
Remote Code Execution
11927
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Bind Filter Driver Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Bind Filter Driver
Microsoft
Yes
CVE-2023-21733
Heap-based Buffer Overflow
11923
11924
11801
11802
11926
11927
11929
11930
11931
12099
12097
12086
12085
12098
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12099
Elevation of Privilege
12097
Elevation of Privilege
12086
Elevation of Privilege
12085
Elevation of Privilege
12098
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12099
Important
12097
Important
12086
Important
12085
Important
12098
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12099
12097
12098
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12099
12097
12098
Yes
Security Update
10.0.19045.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12086
12085
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12086
12085
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p>
Microsoft Office
Microsoft
Yes
CVE-2023-21734
Use After Free
11575
11762
11763
11951
Remote Code Execution
11575
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Important
11575
Important
11762
Important
11763
Important
11951
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11575
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
11951
Maybe
Security Update
16.69.23010700
Click to Run
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
khangkito - Tran Van Khang (VinCSS) working with Trend Micro Zero Day Initiative
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-01-10T08:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft Office Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
Microsoft Office
Microsoft
Yes
CVE-2023-21735
Use After Free
11575
11762
11763
11951
Remote Code Execution
11575
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Important
11575
Important
11762
Important
11763
Important
11951
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11575
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11575
11951
Maybe
Security Update
16.69.23010700
Click to Run
11762
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
khangkito - Tran Van Khang (VinCSS) working with Trend Micro Zero Day Initiative
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-01-10T08:00:00
<p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p>
Microsoft Office Visio Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>A user needs to be tricked into running malicious files.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p>
Microsoft Office Visio
Microsoft
Yes
CVE-2023-21736
Incorrect Conversion between Numeric Types
11573
11574
11762
11763
11952
11953
10725
10726
10743
10744
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
10725
Remote Code Execution
10726
Remote Code Execution
10743
Remote Code Execution
10744
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
10725
Important
10726
Important
10743
Important
10744
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10725
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10726
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10743
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10744
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
5002332
https://www.microsoft.com/download/details.aspx?familyid=be112e32-23f9-4866-a889-bb5e32206d88
5002280
10725
Maybe
Security Update
15.0.5519.1000
5002332
https://www.microsoft.com/download/details.aspx?familyid=c4c5a3f8-4030-4e19-aeeb-580d961771d0
5002280
10726
Maybe
Security Update
15.0.5519.1000
5002337
https://www.microsoft.com/download/details.aspx?familyid=8f57fdbf-bc7a-4e58-883a-4f4ac0517d92
5002286
10743
Maybe
Security Update
16.0.5378.1000
5002337
https://www.microsoft.com/download/details.aspx?familyid=5de2f9d7-a0d7-446c-ba89-84a59dc8aeb5
5002286
10744
Maybe
Security Update
16.0.5378.1000
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Office Visio Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Visio
Microsoft
Yes
CVE-2023-21737
Heap-based Buffer Overflow
11573
11574
11762
11763
11952
11953
10725
10726
10743
10744
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
10725
Remote Code Execution
10726
Remote Code Execution
10743
Remote Code Execution
10744
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Important
10725
Important
10726
Important
10743
Important
10744
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10725
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10726
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10743
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10744
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
5002332
https://www.microsoft.com/download/details.aspx?familyid=be112e32-23f9-4866-a889-bb5e32206d88
5002280
10725
Maybe
Security Update
15.0.5519.1000
5002332
https://www.microsoft.com/download/details.aspx?familyid=c4c5a3f8-4030-4e19-aeeb-580d961771d0
5002280
10726
Maybe
Security Update
15.0.5519.1000
5002337
https://www.microsoft.com/download/details.aspx?familyid=8f57fdbf-bc7a-4e58-883a-4f4ac0517d92
5002286
10743
Maybe
Security Update
16.0.5378.1000
5002337
https://www.microsoft.com/download/details.aspx?familyid=5de2f9d7-a0d7-446c-ba89-84a59dc8aeb5
5002286
10744
Maybe
Security Update
16.0.5378.1000
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Office Visio Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Visio
Microsoft
Yes
CVE-2023-21738
Heap-based Buffer Overflow
11573
11574
11762
11763
11952
11953
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Important
11573
Important
11574
Important
11762
Important
11763
Important
11952
Important
11953
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
Click to Run
11573
11574
11762
11763
11952
11953
No
Security Update
https://aka.ms/OfficeSecurityReleases
willJ of vulnerability research institute
Michael Heinzl
1.0
2023-01-10T08:00:00
<p>Information published.</p>
1.2
2023-05-09T07:00:00
<p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p>
1.1
2023-01-11T08:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
Windows Bluetooth Driver Elevation of Privilege Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Bluetooth Driver
Microsoft
Yes
CVE-2023-21739
Sensitive Data Storage in Improperly Locked Memory
11568
11569
11570
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10481
10482
10484
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Important
11568
Important
11569
Important
11570
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10481
Important
10482
Important
10484
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
Yes
Security Update
10.0.14393.5648
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
<a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab
1.0
2023-01-10T08:00:00
<p>Information published.</p>
1.1
2023-03-24T07:00:00
<p>Added an FAQ. This is an information change only.</p>
Microsoft Office Visio Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p>
<p>The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.</p>
Microsoft Office Visio
Microsoft
Yes
CVE-2023-21741
Out-of-bounds Read
11952
11953
10726
10725
11762
11574
11573
11763
10744
10743
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
10726
Information Disclosure
10725
Information Disclosure
11762
Information Disclosure
11574
Information Disclosure
11573
Information Disclosure
11763
Information Disclosure
10744
Information Disclosure
10743
Important
11952
Important
11953
Important
10726
Important
10725
Important
11762
Important
11574
Important
11573
Important
11763
Important
10744
Important
10743
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11952
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11953
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10726
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10725
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11762
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11574
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11573
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
11763
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10744
7.1
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
10743
Click to Run
11952
11953
11762
11574
11573
11763
No
Security Update
https://aka.ms/OfficeSecurityReleases
5002332
https://www.microsoft.com/download/details.aspx?familyid=c4c5a3f8-4030-4e19-aeeb-580d961771d0
5002280
10726
Maybe
Security Update
15.0.5519.1000
5002332
https://www.microsoft.com/download/details.aspx?familyid=be112e32-23f9-4866-a889-bb5e32206d88
5002280
10725
Maybe
Security Update
15.0.5519.1000
5002337
https://www.microsoft.com/download/details.aspx?familyid=5de2f9d7-a0d7-446c-ba89-84a59dc8aeb5
5002286
10744
Maybe
Security Update
16.0.5378.1000
5002337
https://www.microsoft.com/download/details.aspx?familyid=8f57fdbf-bc7a-4e58-883a-4f4ac0517d92
5002286
10743
Maybe
Security Update
16.0.5378.1000
HAO LI of VenusTech ADLab
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker must be authenticated to the target site as at least a Site Member.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.</p>
<p><strong>I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?</strong></p>
<p>No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.</p>
<p>Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2023-21742
Improper Access Control
10950
11099
11585
11961
10612
Remote Code Execution
10950
Remote Code Execution
11099
Remote Code Execution
11585
Remote Code Execution
11961
Remote Code Execution
10612
Important
10950
Important
11099
Important
11585
Important
11961
Important
10612
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10612
5002338
https://www.microsoft.com/download/details.aspx?familyid=3b92380b-b692-4989-abdd-f21fb0828352
5002321
10950
Maybe
Security Update
16.0.5378.1000
5002338
https://support.microsoft.com/help/5002338
10950
5002335
https://www.microsoft.com/download/details.aspx?familyid=d0da54d0-c23a-44b9-b1c0-c9b415c4a730
11099
Maybe
Cumulative Update
15.0.5519.1000
5002336
https://www.microsoft.com/download/details.aspx?familyid=bd2c7e27-525b-4970-a63e-3956d3848b20
5002319
11099
10612
Maybe
Security Update
15.0.5519.1000
5002336
https://support.microsoft.com/help/5002336
11099
10612
5002329
https://www.microsoft.com/download/details.aspx?familyid=788e4c7a-8729-4f38-9e16-6285d4f7c4e5
5002311
11585
Maybe
Security Update
16.0.10394.20021
5002329
https://support.microsoft.com/help/5002329
11585
5002331
https://www.microsoft.com/download/details.aspx?familyid=86f10bd4-b462-499d-a677-31b6f43f7958
5002327
11961
Maybe
Security Update
16.0.15601.20418
5002331
https://support.microsoft.com/help/5002331
11961
Anonymous
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Security Feature Bypass Vulnerability
<p><strong>Are any additional steps required to protect my SharePoint farm after installing the January 10, 2023 security update for SharePoint Server?</strong></p>
<p>Yes. Customers must also trigger a SharePoint upgrade action included in this update to protect their SharePoint farm. The upgrade action can be triggered by running the SharePoint Products Configuration Wizard, the Upgrade-SPFarm PowerShell cmdlet, or the "psconfig.exe -cmd upgrade -inplace b2b" command on each SharePoint server after installing the update.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>In a network-based attack, an unauthenticated attacker could bypass authentication and make an anonymous connection.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An unauthenticated attacker is able to bypass the expected user access.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2023-21743
Missing Authentication for Critical Function
10950
11585
11961
Security Feature Bypass
10950
Security Feature Bypass
11585
Security Feature Bypass
11961
Critical
10950
Critical
11585
Critical
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
10950
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
11585
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
11961
5002338
https://www.microsoft.com/download/details.aspx?familyid=3b92380b-b692-4989-abdd-f21fb0828352
5002321
10950
Maybe
Security Update
16.0.5378.1000
5002338
https://support.microsoft.com/help/5002338
10950
5002329
https://www.microsoft.com/download/details.aspx?familyid=788e4c7a-8729-4f38-9e16-6285d4f7c4e5
5002311
11585
Maybe
Security Update
16.0.10394.20021
5002329
https://support.microsoft.com/help/5002329
11585
5002331
https://www.microsoft.com/download/details.aspx?familyid=86f10bd4-b462-499d-a677-31b6f43f7958
5002327
11961
Maybe
Security Update
16.0.15601.20418
5002331
https://support.microsoft.com/help/5002331
11961
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>In a network-based attack an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server.</p>
<p><strong>I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?</strong></p>
<p>No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.</p>
<p>Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2023-21744
Deserialization of Untrusted Data
10950
11099
11585
11961
10612
Remote Code Execution
10950
Remote Code Execution
11099
Remote Code Execution
11585
Remote Code Execution
11961
Remote Code Execution
10612
Important
10950
Important
11099
Important
11585
Important
11961
Important
10612
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10612
5002338
https://www.microsoft.com/download/details.aspx?familyid=3b92380b-b692-4989-abdd-f21fb0828352
5002321
10950
Maybe
Security Update
16.0.5378.1000
5002338
https://support.microsoft.com/help/5002338
10950
5002335
https://www.microsoft.com/download/details.aspx?familyid=d0da54d0-c23a-44b9-b1c0-c9b415c4a730
11099
Maybe
Cumulative Update
15.0.5519.1000
5002336
https://www.microsoft.com/download/details.aspx?familyid=bd2c7e27-525b-4970-a63e-3956d3848b20
5002319
11099
10612
Maybe
Security Update
15.0.5519.1000
5002336
https://support.microsoft.com/help/5002336
11099
10612
5002329
https://www.microsoft.com/download/details.aspx?familyid=788e4c7a-8729-4f38-9e16-6285d4f7c4e5
5002311
11585
Maybe
Security Update
16.0.10394.20021
5002329
https://support.microsoft.com/help/5002329
11585
5002331
https://www.microsoft.com/download/details.aspx?familyid=86f10bd4-b462-499d-a677-31b6f43f7958
5002327
11961
Maybe
Security Update
16.0.15601.20418
5002331
https://support.microsoft.com/help/5002331
11961
<a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows NTLM Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows NTLM
Microsoft
Yes
CVE-2023-21746
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://twitter.com/decoder_it">Andrea Pierini</a> with <a href="https://semperis.com/">Semperis</a> and <a href="https://twitter.com/splinter_code">Antonio Cocomazzi</a> with <a href="https://sentinelone.com/">Sentinel One</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Virtual Registry Provider
Microsoft
Yes
CVE-2023-21747
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Virtual Registry Provider
Microsoft
Yes
CVE-2023-21748
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Virtual Registry Provider
Microsoft
Yes
CVE-2023-21749
Improper Input Validation
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Virtual Registry Provider
Microsoft
Yes
CVE-2023-21750
Improper Access Control
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11568
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11569
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11570
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11571
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11572
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11923
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11924
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11801
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11802
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11926
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11927
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11929
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11930
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11931
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12085
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12086
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12097
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12098
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12099
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10729
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10735
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10852
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10853
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10816
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10855
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10047
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10048
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10481
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10482
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10484
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9312
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10287
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9318
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9344
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10051
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10049
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10378
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10379
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10483
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Backup Service Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Backup Engine
Microsoft
Yes
CVE-2023-21752
Improper Access Control
12098
12085
12099
11930
11926
11927
11929
12097
11931
12086
11801
11802
11568
11570
10852
11569
10048
10735
10853
10729
10047
Elevation of Privilege
12098
Elevation of Privilege
12085
Elevation of Privilege
12099
Elevation of Privilege
11930
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
12097
Elevation of Privilege
11931
Elevation of Privilege
12086
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11568
Elevation of Privilege
11570
Elevation of Privilege
10852
Elevation of Privilege
11569
Elevation of Privilege
10048
Elevation of Privilege
10735
Elevation of Privilege
10853
Elevation of Privilege
10729
Elevation of Privilege
10047
Important
12098
Important
12085
Important
12099
Important
11930
Important
11926
Important
11927
Important
11929
Important
12097
Important
11931
Important
12086
Important
11801
Important
11802
Important
11568
Important
11570
Important
10852
Important
11569
Important
10048
Important
10735
Important
10853
Important
10729
Important
10047
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12098
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12085
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12099
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11930
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11926
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11927
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11929
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12097
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11931
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12086
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11801
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11802
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11568
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11570
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10852
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11569
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10048
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10735
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10853
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10729
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10047
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12098
12099
12097
Yes
Security Update
10.0.19045.2486
5022282
https://support.microsoft.com/help/5022282
12098
12099
11930
11929
12097
11931
11801
11802
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11930
11929
11931
Yes
Security Update
10.0.19044.2486
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11570
11569
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11570
11569
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10048
10047
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10048
10047
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10048
10047
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10048
10047
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10735
10729
Yes
Security Update
10.0.10240.19685
<a href="https://twitter.com/filip_dragovic">Filip Dragovic</a> with Infigo IS
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Event Tracing for Windows Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p>
Windows Kernel
Microsoft
Yes
CVE-2023-21753
Use of Uninitialized Resource
11568
11569
11570
11571
11572
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Management Instrumentation
Microsoft
Yes
CVE-2023-21754
Integer Overflow or Wraparound
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Kernel
Microsoft
Yes
CVE-2023-21755
Use After Free
11568
11569
11570
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Important
11568
Important
11569
Important
11570
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
<a href="https://twitter.com/b2ahex">b2ahex</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
Windows Remote Access Service L2TP Driver
Microsoft
Yes
CVE-2023-21757
NULL Pointer Dereference
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10047
Denial of Service
10048
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10047
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10048
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows IKE Extension
Microsoft
Yes
CVE-2023-21758
NULL Pointer Dereference
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
insu of 78ResearchLab working with Trend Micro Zero Day Initiative
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could bypass the Fast Identity Online (FIDO) secure authentication feature.</p>
Windows Smart Card
Microsoft
Yes
CVE-2023-21759
12098
12097
12086
12099
12085
11923
11924
11927
11926
11931
11929
11930
11801
11802
Security Feature Bypass
12098
Security Feature Bypass
12097
Security Feature Bypass
12086
Security Feature Bypass
12099
Security Feature Bypass
12085
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11927
Security Feature Bypass
11926
Security Feature Bypass
11931
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11801
Security Feature Bypass
11802
Important
12098
Important
12097
Important
12086
Important
12099
Important
12085
Important
11923
Important
11924
Important
11927
Important
11926
Important
11931
Important
11929
Important
11930
Important
11801
Important
11802
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12098
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12097
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12086
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12099
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12085
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11923
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11924
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11927
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11926
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11931
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11929
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11930
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11801
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11802
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12098
12097
12099
Yes
Security Update
10.0.19045.2486
5022282
https://support.microsoft.com/help/5022282
12098
12097
12099
11931
11929
11930
11801
11802
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12086
12085
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12086
12085
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11927
11926
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11931
11929
11930
Yes
Security Update
10.0.19044.2486
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
Michael F
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p>
Windows Print Spooler Components
Microsoft
Yes
CVE-2023-21760
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11568
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11569
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11570
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11571
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11572
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11923
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11924
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11801
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11802
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11926
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11927
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11929
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11930
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11931
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12085
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12086
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12097
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12098
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12099
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10729
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10735
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10852
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10853
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10816
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10855
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10047
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10048
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10481
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10482
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10484
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9312
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10287
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9318
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
9344
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10051
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10049
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10378
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10379
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10483
7.1
6.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<a href="https://twitter.com/kkokkokye">JeongOh Kyea</a> with <a href="https://theori.io/">THEORI</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Exchange Server Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p>
Microsoft Exchange Server
Microsoft
Yes
CVE-2023-21761
Server-Side Request Forgery (SSRF)
12039
11957
12038
Information Disclosure
12039
Information Disclosure
11957
Information Disclosure
12038
Important
12039
Important
11957
Important
12038
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12039
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11957
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12038
5022143
https://www.microsoft.com/download/details.aspx?familyid=e775134a-a23b-4375-8be2-61123b4addd3
5019758
12039
Yes
Security Update
15.01.2507.017
5022143
https://support.microsoft.com/help/5022143
12039
5022193
https://www.microsoft.com/download/details.aspx?familyid=ecb11461-88df-428b-b0a8-1fa9fa892b25
5019758
11957
Yes
Security Update
15.02.0986.037
5022193
https://support.microsoft.com/help/5022193
11957
12038
5022193
https://www.microsoft.com/download/details.aspx?familyid=6237df2d-0ad0-415d-8b98-a8c985ed6214
5019758
12038
Yes
Security Update
15.02.1118.021
nicolas joly
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Exchange Server Spoofing Vulnerability
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment.</p>
<p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p>
<p>If the attack is successful it could lead to a NTLM relay allowing for controls that would be able to block availability of a resource.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?</strong></p>
<p>Yes, the attacker must be authenticated.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p>
Microsoft Exchange Server
Microsoft
Yes
CVE-2023-21762
Deserialization of Untrusted Data
12039
12038
11957
11682
Spoofing
12039
Spoofing
12038
Spoofing
11957
Spoofing
11682
Important
12039
Important
12038
Important
11957
Important
11682
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12039
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12038
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11957
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11682
5022143
https://www.microsoft.com/download/details.aspx?familyid=e775134a-a23b-4375-8be2-61123b4addd3
5019758
12039
Yes
Security Update
15.01.2507.017
5022143
https://support.microsoft.com/help/5022143
12039
5022193
https://www.microsoft.com/download/details.aspx?familyid=6237df2d-0ad0-415d-8b98-a8c985ed6214
5019758
12038
Yes
Security Update
15.02.1118.021
5022193
https://support.microsoft.com/help/5022193
12038
11957
5022193
https://www.microsoft.com/download/details.aspx?familyid=ecb11461-88df-428b-b0a8-1fa9fa892b25
5019758
11957
Yes
Security Update
15.02.0986.037
5022188
https://www.microsoft.com/download/details.aspx?familyid=789c9179-0a6a-4270-be7c-183850a09b14
5019758
11682
Yes
Security Update
15.00.1497.045
<a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Exchange Server Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Exchange Server
Microsoft
Yes
CVE-2023-21763
Untrusted Search Path
11957
12038
12039
Elevation of Privilege
11957
Elevation of Privilege
12038
Elevation of Privilege
12039
Important
11957
Important
12038
Important
12039
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11957
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12038
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12039
5022193
https://www.microsoft.com/download/details.aspx?familyid=ecb11461-88df-428b-b0a8-1fa9fa892b25
5019758
11957
Yes
Security Update
15.02.0986.037
5022193
https://support.microsoft.com/help/5022193
11957
12038
5022193
https://www.microsoft.com/download/details.aspx?familyid=6237df2d-0ad0-415d-8b98-a8c985ed6214
5019758
12038
Yes
Security Update
15.02.1118.021
5022143
https://www.microsoft.com/download/details.aspx?familyid=e775134a-a23b-4375-8be2-61123b4addd3
5019758
12039
Yes
Security Update
15.01.2507.017
5022143
https://support.microsoft.com/help/5022143
12039
Piotr Bazydlo <a href="https://www.twitter.com/chudypb">(@chudypb)</a> working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Exchange Server Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Exchange Server
Microsoft
Yes
CVE-2023-21764
Untrusted Search Path
11957
12038
12039
Elevation of Privilege
11957
Elevation of Privilege
12038
Elevation of Privilege
12039
Important
11957
Important
12038
Important
12039
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11957
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12038
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12039
5022193
https://www.microsoft.com/download/details.aspx?familyid=ecb11461-88df-428b-b0a8-1fa9fa892b25
5019758
11957
Yes
Security Update
15.02.0986.037
5022193
https://support.microsoft.com/help/5022193
11957
12038
5022193
https://www.microsoft.com/download/details.aspx?familyid=6237df2d-0ad0-415d-8b98-a8c985ed6214
5019758
12038
Yes
Security Update
15.02.1118.021
5022143
https://www.microsoft.com/download/details.aspx?familyid=e775134a-a23b-4375-8be2-61123b4addd3
5019758
12039
Yes
Security Update
15.01.2507.017
5022143
https://support.microsoft.com/help/5022143
12039
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Print Spooler Components
Microsoft
Yes
CVE-2023-21765
Integer Overflow or Wraparound
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
lm0963, l1nk3d, and renyimen with From TianGong Team of Legendsec at Qi'anxin Group
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Overlay Filter Information Disclosure Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p>
Windows Overlay Filter
Microsoft
Yes
CVE-2023-21766
Sensitive Data Storage in Improperly Locked Memory
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
12099
12097
12086
12098
12085
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
12099
Information Disclosure
12097
Information Disclosure
12086
Information Disclosure
12098
Information Disclosure
12085
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
12099
Important
12097
Important
12086
Important
12098
Important
12085
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12099
12097
12098
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12099
12097
12098
Yes
Security Update
10.0.19045.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12086
12085
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12086
12085
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Overlay Filter Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Overlay Filter
Microsoft
Yes
CVE-2023-21767
Improper Input Validation
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10481
10482
10484
10483
10543
12097
12098
12086
12085
12099
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10483
Elevation of Privilege
10543
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12086
Elevation of Privilege
12085
Elevation of Privilege
12099
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10481
Important
10482
Important
10484
Important
10483
Important
10543
Important
12097
Important
12098
Important
12086
Important
12085
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12086
12085
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12086
12085
<a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2023-21768
Untrusted Pointer Dereference
11923
11924
11926
11927
12085
12086
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
12085
Elevation of Privilege
12086
Important
11923
Important
11924
Important
11926
Important
11927
Important
12085
Important
12086
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Local Session Manager (LSM)
Microsoft
Yes
CVE-2023-21771
Sensitive Data Storage in Improperly Locked Memory
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
<a href="https://twitter.com/nachoskrnl">Ben Barnea</a> with <a href="https://www.akamai.com/">Akamai Technologies</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Virtual Registry Provider
Microsoft
Yes
CVE-2023-21772
Out-of-bounds Read
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-06-30T07:00:00
<p>To address a known issue when after installing the February 14, 2023, security updates for .NET Framework and .NET, users may have experienced issues with how WPF-based applications render XPS documents, Microsoft has released the June 2023 security updates for .NET Framework and for .NET. We recommend that customers install the June 2023 updates. Please note that if you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. To remove either of the workarounds see the instructions for removal in the "Alternative Workaround" section of <a href="https://support.microsoft.com/en-us/topic/kb5022083-change-in-how-wpf-based-applications-render-xps-documents-a4ae4fa4-bc58-4c37-acdd-5eebc4e34556">KB5022083 Change in how WPF-based applications render XPS documents</a>.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Virtual Registry Provider
Microsoft
Yes
CVE-2023-21773
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Virtual Registry Provider
Microsoft
Yes
CVE-2023-21774
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p>
Windows Virtual Registry Provider
Microsoft
Yes
CVE-2023-21776
Out-of-bounds Read
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10852
Information Disclosure
10853
Information Disclosure
10816
Information Disclosure
10855
Information Disclosure
10047
Information Disclosure
10048
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10729
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10735
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10852
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10853
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10816
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10855
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10047
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10048
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10481
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10482
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10484
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9312
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10287
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9318
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
9344
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10051
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10049
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10378
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10379
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10483
5.5
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21781
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21782
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21784
Use After Free
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21786
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21791
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21793
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser sandbox escape.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-21796
12142
Elevation of Privilege
12142
Important
12142
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.3
7.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12142
Release Notes
12142
No
Security Update
108.0.1462.83
K. Edward with PHi
1.0
2023-01-12T08:00:00
<p>Information published.</p>
1.1
2023-01-17T08:00:00
<p>Added Extended Stable build information. This is an informational change only.</p>
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser sandbox escape.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p>
<p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-21775
11655
12142
Remote Code Execution
11655
Remote Code Execution
12142
Moderate
11655
Moderate
12142
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.3
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11655
8.3
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
12142
Release Notes
11655
No
Security Update
109.0.1518.49
Release Notes
12142
No
Security Update
108.0.1462.83
Anonymous
1.0
2023-01-12T08:00:00
<p>Information published.</p>
1.1
2023-01-17T08:00:00
<p>Added Extended Stable build information. This is an informational change only.</p>
Chromium:CVE-2023-0129: Heap buffer overflow in Network Service
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0129
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:26
<p>Information published.</p>
Chromium:CVE-2023-0130: Inappropriate implementation in Fullscreen API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0130
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:29
<p>Information published.</p>
Chromium:CVE-2023-0131: Inappropriate implementation in iframe Sandbox
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0131
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:31
<p>Information published.</p>
Chromium:CVE-2023-0132: Inappropriate implementation in Permission prompts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0132
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:34
<p>Information published.</p>
Chromium:CVE-2023-0133: Inappropriate implementation in Permission prompts
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0133
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:36
<p>Information published.</p>
Chromium:CVE-2023-0134: Use after free in Cart
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0134
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:39
<p>Information published.</p>
Chromium:CVE-2023-0135: Use after free in Cart
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0135
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:42
<p>Information published.</p>
Chromium:CVE-2023-0136: Inappropriate implementation in Fullscreen API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0136
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:46
<p>Information published.</p>
Chromium:CVE-2023-0138: Heap buffer overflow in libphonenumber
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0138
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:50
<p>Information published.</p>
Chromium:CVE-2023-0139: Insufficient validation of untrusted input in Downloads
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0139
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:52
<p>Information published.</p>
Chromium:CVE-2023-0140: Inappropriate implementation in File System API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0140
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:55
<p>Information published.</p>
Chromium:CVE-2023-0141: Insufficient policy enforcement in CORS
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0141
11655
11655
11655
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.49
1.0
2023-01-12T20:43:57
<p>Information published.</p>
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>
<p>This vulnerability could lead to a browser sandbox escape.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-21795
Use After Free
11655
Elevation of Privilege
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
8.3
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
109.0.1518.52
Anonymous
1.0
2023-01-17T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who successfully exploited this could bypass the Edge AutoFill Protection feature</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2023-21719
11655
Security Feature Bypass
11655
Moderate
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
6.5
5.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
109.0.1518.61
Ahmed ElMasry
1.0
2023-01-19T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-0471 Use after free in WebTransport
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>109.0.1343.27</td>
<td>109.0.5414.119/.120</td>
<td>1/26/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>108.0.1293.81</td>
<td>108.0.5359.215</td>
<td>1/26/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0471
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.70
Release Notes
12142
No
Security Update
108.0.1462.95
1.0
2023-01-26T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-0472 Use after free in WebRTC
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>109.0.1343.27</td>
<td>109.0.5414.119/.120</td>
<td>1/26/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>108.0.1293.81</td>
<td>108.0.5359.215</td>
<td>1/26/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0472
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.70
Release Notes
12142
No
Security Update
108.0.1462.95
1.0
2023-01-26T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-0473: Type Confusion in ServiceWorker
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>109.0.1343.27</td>
<td>109.0.5414.119/.120</td>
<td>1/26/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>108.0.1293.81</td>
<td>108.0.5359.215</td>
<td>1/26/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0473
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.70
Release Notes
12142
No
Security Update
108.0.1462.95
1.0
2023-01-26T08:00:00
<p>Information published.</p>
Chromium: CVE-2023-0474 Use after free in GuestView
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Channel</th>
<th>Microsoft Edge Version</th>
<th>Based on Chromium Version</th>
<th>Date Released</th>
</tr>
</thead>
<tbody>
<tr>
<td>Stable</td>
<td>109.0.1343.27</td>
<td>109.0.5414.119/.120</td>
<td>1/26/2023</td>
</tr>
<tr>
<td>Extended Stable</td>
<td>108.0.1293.81</td>
<td>108.0.5359.215</td>
<td>1/26/2023</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2023-0474
11655
12142
11655
12142
11655
12142
DOS:N/A
Release Notes
11655
No
Security Update
109.0.1518.70
Release Notes
12142
No
Security Update
108.0.1462.95
1.0
2023-01-26T08:00:00
<p>Information published.</p>
Remote Procedure Call Runtime Denial of Service Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows RPC API
Microsoft
Yes
CVE-2023-21525
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10047
Denial of Service
10048
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10047
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10048
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
5.3
4.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows iSCSI Service Denial of Service Vulnerability
Windows iSCSI
Microsoft
Yes
CVE-2023-21527
Integer Underflow (Wrap or Wraparound)
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
12099
12097
12086
12085
12098
Denial of Service
11568
Denial of Service
11569
Denial of Service
11570
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11801
Denial of Service
11802
Denial of Service
11926
Denial of Service
11927
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10047
Denial of Service
10048
Denial of Service
10481
Denial of Service
10482
Denial of Service
10484
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Denial of Service
12099
Denial of Service
12097
Denial of Service
12086
Denial of Service
12085
Denial of Service
12098
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
12099
Important
12097
Important
12086
Important
12085
Important
12098
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11570
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11801
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11802
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11926
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11927
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10047
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10048
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10481
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10482
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10484
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12099
12097
12098
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12099
12097
12098
Yes
Security Update
10.0.19045.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12086
12085
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12086
12085
<a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows GDI Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Graphics Component
Microsoft
Yes
CVE-2023-21532
Use After Free
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Marcin Wiazowski working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Event Tracing for Windows Information Disclosure Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p>
Windows Event Tracing
Microsoft
Yes
CVE-2023-21536
Out-of-bounds Read
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
Information Disclosure
11568
Information Disclosure
11569
Information Disclosure
11570
Information Disclosure
11571
Information Disclosure
11572
Information Disclosure
11923
Information Disclosure
11924
Information Disclosure
11801
Information Disclosure
11802
Information Disclosure
11926
Information Disclosure
11927
Information Disclosure
11929
Information Disclosure
11930
Information Disclosure
11931
Information Disclosure
12085
Information Disclosure
12086
Information Disclosure
12097
Information Disclosure
12098
Information Disclosure
12099
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11568
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11569
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11570
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11571
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11572
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11923
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11924
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11801
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11802
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11926
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11927
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11929
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11930
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
11931
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12085
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12086
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12097
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12098
4.7
4.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
12099
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
<a href="https://twitter.com/dannyodler">danny odler</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Message Queuing
Microsoft
Yes
CVE-2023-21537
Time-of-check Time-of-use (TOCTOU) Race Condition
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
<p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p>
<p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p>
<p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p>
<a href="https://twitter.com/dannyodler">danny odler</a>
1.1
2023-10-17T07:00:00
<p>Added mitigation. This is an informational change only.</p>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Windows Kernel Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Virtual Registry Provider
Microsoft
Yes
CVE-2023-21675
Access of Resource Using Incompatible Type ('Type Confusion')
11568
11569
11570
11571
11572
11923
11924
11801
11802
11926
11927
11929
11930
11931
12085
12086
12097
12098
12099
10729
10735
10852
10853
10816
10855
10047
10048
10481
10482
10484
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11570
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11801
Elevation of Privilege
11802
Elevation of Privilege
11926
Elevation of Privilege
11927
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11570
Important
11571
Important
11572
Important
11923
Important
11924
Important
11801
Important
11802
Important
11926
Important
11927
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11570
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11801
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11802
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11926
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11927
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10047
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10048
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10481
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10482
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10484
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5022286
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
5021237
11568
11569
11570
11571
11572
Yes
Security Update
10.0.17763.3887
5022286
https://support.microsoft.com/help/5022286
11568
11569
11570
11571
11572
5022291
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
5021249
11923
11924
Yes
Security Update
10.0.20348.1487
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11801
11802
Yes
Security Update
10.0.19042.2486
5022282
https://support.microsoft.com/help/5022282
11801
11802
11929
11930
11931
12097
12098
12099
5022287
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
5021234
11926
11927
Yes
Security Update
10.0.22000.1455
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
11929
11930
11931
Yes
Security Update
10.0.19044.2486
5022303
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
5021255
12085
12086
Yes
Security Update
10.0.22621.1105
5022303
https://support.microsoft.com/help/5022303
12085
12086
5022282
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
5021233
12097
12098
12099
Yes
Security Update
10.0.19045.2486
5022297
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
5021243
10729
10735
Yes
Security Update
10.0.10240.19685
5022289
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
5021235
10852
10853
10816
10855
Yes
Security Update
10.0.14393.5648
5022338
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022338
5021291
10047
10048
10051
10049
Yes
Monthly Rollup
6.1.7601.26321
5022338
https://support.microsoft.com/help/5022338
10047
10048
10051
10049
5022339
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022339
10047
10048
10051
10049
Yes
Security Only
6.1.7601.26321
5022339
https://support.microsoft.com/help/5022339
10047
10048
10051
10049
5022352
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
5021294
10481
10482
10483
10543
Yes
Monthly Rollup
6.3.9600.20778
5022352
https://support.microsoft.com/help/5022352
10481
10482
10483
10543
5022346
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
10481
10482
10484
10483
10543
Yes
Security Only
6.3.9600.20778
5022346
https://support.microsoft.com/help/5022346
10481
10482
10484
10483
10543
5022340
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022340
5021289
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.21872
5022340
https://support.microsoft.com/help/5022340
9312
10287
9318
9344
5022353
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022353
9312
10287
9318
9344
Yes
Security Only
6.0.6003.21872
5022353
https://support.microsoft.com/help/5022353
9312
10287
9318
9344
5022348
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022348
5021285
10378
10379
Yes
Monthly Rollup
6.2.9200.24075
5022348
https://support.microsoft.com/help/5022348
10378
10379
5022343
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022343
10378
10379
Yes
Security Only
6.2.9200.24075
5022343
https://support.microsoft.com/help/5022343
10378
10379
Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Microsoft Exchange Server Spoofing Vulnerability
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>An authenticated attacker could exploit this vulnerability LAN-side or potentially from the internet.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An authenticated attacker could achieve exploitation by using a PowerShell remoting session to the server.</p>
Microsoft Exchange Server
Microsoft
Yes
CVE-2023-21745
Deserialization of Untrusted Data
12039
12038
11957
Spoofing
12039
Spoofing
12038
Spoofing
11957
Important
12039
Important
12038
Important
11957
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12039
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12038
8.0
7.0
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11957
5022143
https://www.microsoft.com/download/details.aspx?familyid=e775134a-a23b-4375-8be2-61123b4addd3
5019758
12039
Yes
Security Update
15.01.2507.017
5022143
https://support.microsoft.com/help/5022143
12039
5022193
https://www.microsoft.com/download/details.aspx?familyid=6237df2d-0ad0-415d-8b98-a8c985ed6214
5019758
12038
Yes
Security Update
15.02.1118.021
5022193
https://support.microsoft.com/help/5022193
12038
11957
5022193
https://www.microsoft.com/download/details.aspx?familyid=ecb11461-88df-428b-b0a8-1fa9fa892b25
5019758
11957
Yes
Security Update
15.02.0986.037
<a href="https://twitter.com/chudypb">Piotr Bazydlo (@chudypb)</a> working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
Visual Studio Code Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.</p>
Visual Studio Code
Microsoft
Yes
CVE-2023-21779
Deserialization of Untrusted Data
11622
Remote Code Execution
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/Download
11622
Maybe
Security Update
1.74.3
Matt Bierner with Microsoft
1.2
2023-05-09T07:00:00
<p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
1.1
2023-01-11T08:00:00
<p>Corrected CVE title. This is an informational change only.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21783
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21785
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21787
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21788
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21789
Divide By Zero
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21790
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
2.0
2023-01-11T08:00:00
<p>CVE updated to announce the availability of the updated 3D Builder application which addresses this vulnerability. Microsoft recommends updating your application as soon as possible. Please see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a> for more information.</p>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
3D Builder Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send the user a malicious file and convince them to open it.</p>
<p><strong>How do I get the update for a Windows App?</strong></p>
<p>The Microsoft Store will automatically update affected customers.</p>
<p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f#WindowsVersion=Windows_11">Get updates for apps and games in Microsoft Store</a>. Be sure to select the tab for the operating system installed on your device to search for updates.</p>
3D Builder
Microsoft
Yes
CVE-2023-21792
Heap-based Buffer Overflow
12141
Remote Code Execution
12141
Important
12141
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12141
More Information
https://apps.microsoft.com/store/detail/3d-builder/9WZDNCRFJ3T6?hl=en-us&gl=us
12141
Maybe
Security Update
20.0.1
Mat Powell of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2023-01-10T08:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2021-4235
https://nvd.nist.gov/vuln/detail/CVE-2021-4235
Mariner
security@golang.org
Yes
CVE-2021-4235
12137
12138
12137
12138
12137
12138
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12137
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
12138
etcd
12137
etcd-3.5.0-9.cm1.x86_64.rpm
0001-01-01T00:00:00
etcd-tools-3.5.0-9.cm1.x86_64.rpm
0001-01-01T00:00:00
etcd-debuginfo-3.5.0-9.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
3.5.0-9
etcd
12138
etcd-3.5.0-9.cm1.aarch64.rpm
0001-01-01T00:00:00
etcd-tools-3.5.0-9.cm1.aarch64.rpm
0001-01-01T00:00:00
etcd-debuginfo-3.5.0-9.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
3.5.0-9
1.0
2023-01-12T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-4662
https://nvd.nist.gov/vuln/detail/CVE-2022-4662
Mariner
secalert@redhat.com
Yes
CVE-2022-4662
12139
12140
12139
12140
12139
12140
DOS:N/A
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12139
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
12140
kernel
12139
kernel-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.92.1-1
kernel
12140
kernel-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.92.1-1
1.0
2023-01-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
Mariner
cve@mitre.org
Yes
CVE-2022-46392
12139
12140
12139
12140
12139
12140
DOS:N/A
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
12139
5.3
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
12140
fluent-bit
12139
fluent-bit-2.0.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
fluent-bit-devel-2.0.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
fluent-bit-debuginfo-2.0.9-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.0.9-1
fluent-bit
12140
fluent-bit-2.0.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
fluent-bit-devel-2.0.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
fluent-bit-debuginfo-2.0.9-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
2.0.9-1
1.0
2023-01-17T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-47943
https://nvd.nist.gov/vuln/detail/CVE-2022-47943
Mariner
cve@mitre.org
Yes
CVE-2022-47943
12139
12140
12139
12140
12139
12140
DOS:N/A
8.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12139
8.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12140
kernel
12139
kernel-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
python3-perf-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
bpftool-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.86.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.86.1-1
kernel
12140
kernel-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-devel-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-accessibility-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-gpu-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-drivers-sound-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-docs-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-tools-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
python3-perf-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-dtb-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
bpftool-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
kernel-debuginfo-5.15.86.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.86.1-1
1.0
2023-01-05T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-47940
https://nvd.nist.gov/vuln/detail/CVE-2022-47940
Mariner
cve@mitre.org
Yes
CVE-2022-47940
12139
12140
12139
12140
12139
12140
DOS:N/A
8.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12139
8.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
12140
hyperv-daemons
12139
hyperv-daemons-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.92.1-1.cm2.x86_64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.92.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.92.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.92.1-1
hyperv-daemons
12140
hyperv-daemons-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervkvpd-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervvssd-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hypervfcopyd-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
hyperv-daemons-license-5.15.92.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-tools-5.15.92.1-1.cm2.noarch.rpm
0001-01-01T00:00:00
hyperv-daemons-debuginfo-5.15.92.1-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
5.15.92.1-1
1.0
2023-01-12T00:00:00
<p>Information published.</p>
https://nvd.nist.gov/vuln/detail/CVE-2022-47629
https://nvd.nist.gov/vuln/detail/CVE-2022-47629
https://nvd.nist.gov/vuln/detail/CVE-2022-47629
https://nvd.nist.gov/vuln/detail/CVE-2022-47629
Mariner
cve@mitre.org
Yes
CVE-2022-47629
12137
12138
12139
12140
12137
12138
12139
12140
12137
12138
12139
12140
DOS:N/A
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12137
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12138
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12139
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
12140
libksba
12137
libksba-1.3.5-4.cm1.x86_64.rpm
0001-01-01T00:00:00
libksba-debuginfo-1.3.5-4.cm1.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.3.5-4
libksba
12138
libksba-1.3.5-4.cm1.aarch64.rpm
0001-01-01T00:00:00
libksba-debuginfo-1.3.5-4.cm1.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.3.5-4
libksba
12139
libksba-1.6.3-1.cm2.x86_64.rpm
0001-01-01T00:00:00
libksba-devel-1.6.3-1.cm2.x86_64.rpm
0001-01-01T00:00:00
libksba-debuginfo-1.6.3-1.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.6.3-1
libksba
12140
libksba-1.6.3-1.cm2.aarch64.rpm
0001-01-01T00:00:00
libksba-devel-1.6.3-1.cm2.aarch64.rpm
0001-01-01T00:00:00
libksba-debuginfo-1.6.3-1.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.6.3-1
1.0
2023-01-04T00:00:00
<p>Information published.</p>