July 2023 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2023-Jul 2023-Jul Final 1.0 259 2026-02-19T01:21:14 July 2023 Security Updates 2023-07-11T07:00:00 2026-02-19T01:21:14 <h2 id="updates-this-month">Updates this Month</h2> <p>This release consists of the following 136 CVEs and 2 Advisories:</p> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Windows Certificates</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV230001">ADV230001</a></td> <td></td> <td></td> <td>Exploitation Detected</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows EFI Partition</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV230002">ADV230002</a></td> <td></td> <td></td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Netlogon</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21526">CVE-2023-21526</a></td> <td>7.4</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21756">CVE-2023-21756</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Admin Center</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29347">CVE-2023-29347</a></td> <td>8.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cluster Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32033">CVE-2023-32033</a></td> <td>6.6</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32034">CVE-2023-32034</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32035">CVE-2023-32035</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer 2 Tunneling Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32037">CVE-2023-32037</a></td> <td>6.5</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows ODBC Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32038">CVE-2023-32038</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Printer Drivers</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32039">CVE-2023-32039</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Printer Drivers</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32040">CVE-2023-32040</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Update Orchestrator Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32041">CVE-2023-32041</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows OLE</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32042">CVE-2023-32042</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32043">CVE-2023-32043</a></td> <td>6.8</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32044">CVE-2023-32044</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32045">CVE-2023-32045</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MSHTML Platform</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32046">CVE-2023-32046</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Paint 3D</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32047">CVE-2023-32047</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SmartScreen</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32049">CVE-2023-32049</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32050">CVE-2023-32050</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Codecs Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32051">CVE-2023-32051</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Power Apps</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32052">CVE-2023-32052</a></td> <td>6.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32053">CVE-2023-32053</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Volume Shadow Copy</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32054">CVE-2023-32054</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Active Template Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32055">CVE-2023-32055</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Server Update Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32056">CVE-2023-32056</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32057">CVE-2023-32057</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Failover Cluster</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32083">CVE-2023-32083</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HTTP.sys</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32084">CVE-2023-32084</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Printer Drivers</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-32085">CVE-2023-32085</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33127">CVE-2023-33127</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33134">CVE-2023-33134</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33148">CVE-2023-33148</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33149">CVE-2023-33149</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33150">CVE-2023-33150</a></td> <td>9.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33151">CVE-2023-33151</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Access</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33152">CVE-2023-33152</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33153">CVE-2023-33153</a></td> <td>6.8</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Partition Management Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33154">CVE-2023-33154</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33155">CVE-2023-33155</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33156">CVE-2023-33156</a></td> <td>6.3</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33157">CVE-2023-33157</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33158">CVE-2023-33158</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33159">CVE-2023-33159</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33160">CVE-2023-33160</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33161">CVE-2023-33161</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33162">CVE-2023-33162</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Network Load Balancing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33163">CVE-2023-33163</a></td> <td>7.5</td> <td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33164">CVE-2023-33164</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33165">CVE-2023-33165</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33166">CVE-2023-33166</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33167">CVE-2023-33167</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33168">CVE-2023-33168</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33169">CVE-2023-33169</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>ASP.NET and .NET</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33170">CVE-2023-33170</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33171">CVE-2023-33171</a></td> <td>6.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33172">CVE-2023-33172</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33173">CVE-2023-33173</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-33174">CVE-2023-33174</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Printer Drivers</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35296">CVE-2023-35296</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PGM</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35297">CVE-2023-35297</a></td> <td>7.5</td> <td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HTTP.sys</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35298">CVE-2023-35298</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35299">CVE-2023-35299</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35300">CVE-2023-35300</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Printer Drivers</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35302">CVE-2023-35302</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td><strong>Yes</strong></td> <td>No</td> </tr> <tr> <td>Microsoft Windows Codecs Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35303">CVE-2023-35303</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35304">CVE-2023-35304</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35305">CVE-2023-35305</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Printer Drivers</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35306">CVE-2023-35306</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MSHTML Platform</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35308">CVE-2023-35308</a></td> <td>4.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35309">CVE-2023-35309</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: DNS Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35310">CVE-2023-35310</a></td> <td>6.6</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35311">CVE-2023-35311</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows VOLSNAP.SYS</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35312">CVE-2023-35312</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Online Certificate Status Protocol (OCSP) SnapIn</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35313">CVE-2023-35313</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35314">CVE-2023-35314</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer-2 Bridge Network Driver</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35315">CVE-2023-35315</a></td> <td>8.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35316">CVE-2023-35316</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Server Update Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35317">CVE-2023-35317</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35318">CVE-2023-35318</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Procedure Call</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35319">CVE-2023-35319</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected User Experiences and Telemetry</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35320">CVE-2023-35320</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Deployment Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35321">CVE-2023-35321</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Deployment Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35322">CVE-2023-35322</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Online Certificate Status Protocol (OCSP) SnapIn</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35323">CVE-2023-35323</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Printer Drivers</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35324">CVE-2023-35324</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Print Spooler Components</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35325">CVE-2023-35325</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows CDP User Components</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35326">CVE-2023-35326</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Transaction Manager</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35328">CVE-2023-35328</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Authentication Methods</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35329">CVE-2023-35329</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SPNEGO Extended Negotiation</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35330">CVE-2023-35330</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Security Authority (LSA)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35331">CVE-2023-35331</a></td> <td>6.5</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35332">CVE-2023-35332</a></td> <td>6.8</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Media-Wiki Extensions</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35333">CVE-2023-35333</a></td> <td>7.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35335">CVE-2023-35335</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MSHTML Platform</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35336">CVE-2023-35336</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35337">CVE-2023-35337</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Peer Name Resolution Protocol</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35338">CVE-2023-35338</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows CryptoAPI</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35339">CVE-2023-35339</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows CNG Key Isolation Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35340">CVE-2023-35340</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Media</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35341">CVE-2023-35341</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Image Acquisition</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35342">CVE-2023-35342</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Geolocation Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35343">CVE-2023-35343</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: DNS Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35344">CVE-2023-35344</a></td> <td>6.6</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: DNS Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35345">CVE-2023-35345</a></td> <td>6.6</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: DNS Server</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35346">CVE-2023-35346</a></td> <td>6.6</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows App Store</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35347">CVE-2023-35347</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Active Directory</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35348">CVE-2023-35348</a></td> <td>7.5</td> <td>CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Active Directory Certificate Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35350">CVE-2023-35350</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Active Directory Certificate Services</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35351">CVE-2023-35351</a></td> <td>6.6</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35352">CVE-2023-35352</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected User Experiences and Telemetry</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35353">CVE-2023-35353</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35356">CVE-2023-35356</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35357">CVE-2023-35357</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35358">CVE-2023-35358</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NT OS Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35360">CVE-2023-35360</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NT OS Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35361">CVE-2023-35361</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Clip Service</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35362">CVE-2023-35362</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35363">CVE-2023-35363</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NT OS Kernel</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35364">CVE-2023-35364</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35365">CVE-2023-35365</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35366">CVE-2023-35366</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35367">CVE-2023-35367</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Mono Authenticode</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35373">CVE-2023-35373</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Paint 3D</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35374">CVE-2023-35374</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-35392">CVE-2023-35392</a></td> <td>4.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36867">CVE-2023-36867</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Service Fabric</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36868">CVE-2023-36868</a></td> <td>6.5</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Active Directory</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36871">CVE-2023-36871</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C</td> <td></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Codecs Library</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36872">CVE-2023-36872</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Error Reporting</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36874">CVE-2023-36874</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36883">CVE-2023-36883</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36884">CVE-2023-36884</a></td> <td>8.3</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36887">CVE-2023-36887</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36888">CVE-2023-36888</a></td> <td>6.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38173">CVE-2023-38173</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38187">CVE-2023-38187</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-11-non-microsoft-cves">We are republishing 11 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3727">CVE-2023-3727</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3728">CVE-2023-3728</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3730">CVE-2023-3730</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3732">CVE-2023-3732</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3733">CVE-2023-3733</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3734">CVE-2023-3734</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3735">CVE-2023-3735</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3736">CVE-2023-3736</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3737">CVE-2023-3737</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3738">CVE-2023-3738</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-3740">CVE-2023-3740</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5028166">5028166</a></td> <td>Windows 10, version 21H2 and Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5028168">5028168</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5028171">5028171</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5028182">5028182</a></td> <td>Windows 11, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5028185">5028185</a></td> <td>Windows 11, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5028222">5028222</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5028224">5028224</a></td> <td>Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5028226">5028226</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5028240">5028240</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. .NET 6.0 .NET 7.0 Microsoft Visual Studio 2022 version 17.0 Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.6 PowerShell 7.2 PowerShell 7.3 PandocUpload Mono 6.12.0 Visual Studio Code - GitHub Pull Requests and Issues Extension Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Raw Image Extension on Windows 11 version 21H2 for x64-based Systems Raw Image Extension on Windows 11 version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for x64-based Systems Raw Image Extension on Windows 11 Version 22H2 for ARM64-based Systems Raw Image Extension on Windows 11 Version 22H2 for x64-based Systems Raw Image Extension on Windows 10 Version 22H2 for x64-based Systems Raw Image Extension on Windows 10 Version 22H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 22H2 for 32-bit Systems VP9 Video Extensions Windows Admin Center Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2019 for Mac Microsoft Office LTSC for Mac 2021 Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (64-bit edition) Microsoft Outlook 2013 (32-bit editions) Microsoft Outlook 2013 (64-bit editions) Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2016 (32-bit edition) Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Enterprise Server 2016 Microsoft Office for Universal Microsoft Office Online Server Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Paint 3D Microsoft Edge for Android Microsoft Edge for iOS Microsoft Edge (Chromium-based) Microsoft Edge (Chromium-based) Extended Stable Microsoft Malware Protection Engine Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft Dynamics 365 (on-premises) version 9.1 Microsoft Power Apps (online) Azure Service Fabric 9.0 for Windows Azure Service Fabric 9.1 for Windows CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft Outlook 2013 (32-bit editions) Microsoft Outlook 2013 (64-bit editions) Windows Server 2012 Windows Server 2012 (Server Core installation) Microsoft Outlook 2013 RT Service Pack 1 Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft SharePoint Server 2019 Microsoft Office Online Server Windows Admin Center Microsoft Edge (Chromium-based) Microsoft Dynamics 365 (on-premises) version 9.0 Paint 3D Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Raw Image Extension on Windows 11 version 21H2 for x64-based Systems Raw Image Extension on Windows 11 version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for 32-bit Systems Raw Image Extension on Windows 10 Version 21H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 21H2 for x64-based Systems Raw Image Extension on Windows 11 Version 22H2 for ARM64-based Systems Raw Image Extension on Windows 11 Version 22H2 for x64-based Systems Raw Image Extension on Windows 10 Version 22H2 for x64-based Systems Raw Image Extension on Windows 10 Version 22H2 for ARM64-based Systems Raw Image Extension on Windows 10 Version 22H2 for 32-bit Systems Microsoft Edge for Android Mono 6.12.0 VP9 Video Extensions Visual Studio Code - GitHub Pull Requests and Issues Extension Microsoft Malware Protection Engine Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Edge for iOS Microsoft Visual Studio 2022 version 17.0 PowerShell 7.2 .NET 6.0 Microsoft Visual Studio 2022 version 17.2 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft Visual Studio 2022 version 17.4 .NET 7.0 PowerShell 7.3 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft Edge (Chromium-based) Extended Stable Microsoft Office for Universal Azure Service Fabric 9.1 for Windows Microsoft Visual Studio 2022 version 17.6 Azure Service Fabric 9.0 for Windows PandocUpload Microsoft Power Apps (online) azl3 shim-unsigned-x64 15.8-5 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.8-5 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-6 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.158.1-1 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-9 on CBL Mariner 2.0 cbl2 golang 1.21.6-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.153.1-1 on CBL Mariner 2.0 cbl2 nodejs 16.20.2-2 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 cmake 3.30.3-6 on Azure Linux 3.0 azl3 golang 1.23.7-1 on Azure Linux 3.0 azl3 libsndfile 1.2.2-3 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 cm1 kernel 5.10.188.1-1 on CBL Mariner 1.0 cbl2 kernel 5.15.122.1-2 on CBL Mariner 2.0 cm1 openssh 8.9p1-3 on CBL Mariner 1.0 cbl2 openssh 8.9p1-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.122.1-1 on CBL Mariner 2.0 cbl2 hyperv-daemons 5.15.145.2-1 on CBL Mariner 2.0 cbl2 kernel 5.15.118.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.126.1-1 on CBL Mariner 2.0 cbl2 libtiff 4.5.1-1 on CBL Mariner 2.0 cbl2 edk2 20230301gitf80f052277c8-37 on CBL Mariner 2.0 azl3 edk2 20230301gitf80f052277c8-37 on Azure Linux 3.0 cbl2 nodejs18 18.17.1-2 on CBL Mariner 2.0 azl3 tensorflow 2.16.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.135.1-2 on CBL Mariner 2.0 cbl2 rust 1.68.2-5 on CBL Mariner 2.0 cbl2 rust 1.72.0-2 on CBL Mariner 2.0 cbl2 openssl 1.1.1k-28 on CBL Mariner 2.0 cbl2 openssl 1.1.1k-26 on CBL Mariner 2.0 azl3 rust 1.68.2-5 on Azure Linux 3.0 cbl2 golang 1.20.7-1 on CBL Mariner 2.0 cbl2 msft-golang 1.20.7-1 on CBL Mariner 2.0 azl3 golang 1.20.7-1 on Azure Linux 3.0 cbl2 qemu 6.2.0-23 on CBL Mariner 2.0 azl3 shim 15.8-5 on Azure Linux 3.0 azl3 libtiff 4.6.0-6 on Azure Linux 3.0 azl3 qemu 8.2.0-1 on Azure Linux 3.0 cbl2 kernel 5.15.137.1-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-19 on CBL Mariner 2.0 cbl2 kernel 5.15.131.1-2 on CBL Mariner 2.0 cbl2 mysql 8.0.34-1 on CBL Mariner 2.0 azl3 tensorflow 2.11.1-1 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 php 8.1.22-1 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-9 on CBL Mariner 2.0 cbl2 curl 8.2.1-1 on CBL Mariner 2.0 cbl2 nghttp2 1.46.0-3 on CBL Mariner 2.0 cbl2 cmake 3.21.4-8 on CBL Mariner 2.0 cbl2 iperf3 3.14-1 on CBL Mariner 2.0 cbl2 gdb 11.2-3 on CBL Mariner 2.0 cbl2 crash 8.0.1-3 on CBL Mariner 2.0 azl3 gdb 13.2-3 on Azure Linux 3.0 azl3 crash 8.0.4-3 on Azure Linux 3.0 cbl2 mariadb 10.6.9-3.cm2 on CBL Mariner 2.0 cbl2 javapackages-bootstrap 1.5.0-4 on CBL Mariner 2.0 azl3 javapackages-bootstrap 1.5.0-4 on Azure Linux 3.0 cbl2 tang 14-1 on CBL Mariner 2.0 azl3 libvirt 7.10.0-5 on Azure Linux 3.0 azl3 yasm 1.3.0-16 on Azure Linux 3.0 azl3 python-certifi 2023.05.07-1.cm2 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 azl3 qemu 6.2.0-18 on Azure Linux 3.0 azl3 rpm-ostree 2022.1-7 on Azure Linux 3.0 azl3 python-pygments 2.4.2-1 on Azure Linux 3.0 azl3 libsndfile 1.2.2-2 on Azure Linux 3.0 azl3 libsndfile 1.2.2-1 on Azure Linux 3.0 azl3 grub2 2.06-14 on Azure Linux 3.0 azl3 crash 8.0.4-4 on Azure Linux 3.0 azl3 binutils 2.41-5 on Azure Linux 3.0 cbl2 redis 6.2.13-2 on CBL Mariner 2.0 cbl2 pcre2 10.42-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 grub2 2.06-23 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 cbl2 hvloader 1.0.1-11 on CBL Mariner 2.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 golang 1.17.13-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-5 on CBL Mariner 2.0 azl3 gdb 13.2-4 on Azure Linux 3.0 azl3 shim 15.4-2 on Azure Linux 3.0 azl3 shim-unsigned-aarch64 15.4-2 on Azure Linux 3.0 azl3 shim-unsigned-x64 15.4-3 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.153.1-1 on CBL Mariner 2.0 azl3 ostree 2022.1-4 on Azure Linux 3.0 azl3 python-certifi 2023.05.07-1 on Azure Linux 3.0 azl3 libsndfile 1.0.31-2 on Azure Linux 3.0 azl3 kata-containers-cc 0.6.1-4 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22033 18287-16823 18287-16823 Moderate 18287-16823 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22053 18287-16823 18287-16823 Moderate 18287-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22054 18287-16823 18287-16823 Moderate 18287-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Out-of-bounds read when setting hmac data <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2860 Out-of-bounds Read 17832-16823 17832-16823 Moderate 17832-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 17832-16823 CBL-Mariner Releases 17832-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 CBL-Mariner Releases 1.0 2023-08-05T00:00:00 <p>Information published.</p> Tree connection null pointer dereference denial-of-service vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32248 NULL Pointer Dereference 17832-16823 17832-16823 Important 17832-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17832-16823 CBL-Mariner Releases 17832-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> Session race condition remote code execution vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32257 Improper Locking 17917-16823 17828-16823 17917-16823 17828-16823 Important 17917-16823 Important 17828-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17917-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17828-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases CBL-Mariner Releases 17828-16823 No Security Update 5.15.145.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17828-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Information published.</p> Session race condition remote code execution vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32258 Improper Locking 17917-16823 17828-16823 17917-16823 17828-16823 Important 17917-16823 Important 17828-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17917-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17828-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases CBL-Mariner Releases 17828-16823 No Security Update 5.15.145.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17828-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Information published.</p> Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3354 NULL Pointer Dereference 18280-16823 18233-17084 18535-17084 18280-16823 18233-17084 18535-17084 Important 18280-16823 Important 18233-17084 Important 18535-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18280-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18233-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18535-17084 CBL-Mariner Releases 18280-16823 No Security Update 6.2.0-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18280-16823 CBL-Mariner Releases CBL-Mariner Releases 18233-17084 18535-17084 No Security Update 8.2.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18233-17084 18535-17084 CBL-Mariner Releases 4.2 2026-02-18T01:47:02 <p>Information published.</p> 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-06T00:00:00 <p>Information published.</p> 1.2 2024-08-07T00:00:00 <p>Information published.</p> 1.3 2024-08-08T00:00:00 <p>Information published.</p> 1.4 2024-08-09T00:00:00 <p>Information published.</p> 1.5 2024-08-10T00:00:00 <p>Information published.</p> 1.6 2024-08-11T00:00:00 <p>Information published.</p> 1.7 2024-08-12T00:00:00 <p>Information published.</p> 1.8 2024-08-16T00:00:00 <p>Information published.</p> 1.9 2024-08-17T00:00:00 <p>Information published.</p> 2.0 2024-08-18T00:00:00 <p>Information published.</p> 2.1 2024-08-19T00:00:00 <p>Information published.</p> 2.2 2024-08-20T00:00:00 <p>Information published.</p> 2.3 2024-08-21T00:00:00 <p>Information published.</p> 2.4 2024-08-22T00:00:00 <p>Information published.</p> 2.5 2024-08-23T00:00:00 <p>Information published.</p> 2.6 2024-08-24T00:00:00 <p>Information published.</p> 2.7 2024-08-25T00:00:00 <p>Information published.</p> 2.8 2024-08-26T00:00:00 <p>Information published.</p> 2.9 2024-08-27T00:00:00 <p>Information published.</p> 3.0 2024-08-28T00:00:00 <p>Information published.</p> 3.1 2024-08-29T00:00:00 <p>Information published.</p> 3.2 2024-08-30T00:00:00 <p>Information published.</p> 3.3 2024-08-31T00:00:00 <p>Information published.</p> 3.4 2024-09-01T00:00:00 <p>Information published.</p> 3.5 2024-09-02T00:00:00 <p>Information published.</p> 3.6 2024-09-03T00:00:00 <p>Information published.</p> 3.7 2024-09-05T00:00:00 <p>Information published.</p> 3.8 2024-09-06T00:00:00 <p>Information published.</p> 3.9 2024-09-07T00:00:00 <p>Information published.</p> 4.0 2024-09-08T00:00:00 <p>Information published.</p> 4.1 2024-09-11T00:00:00 <p>Information published.</p> Kernel: vmwgfx: race condition leading to information disclosure vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-33951 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17917-16823 17327-16823 17917-16823 17327-16823 Moderate 17917-16823 Moderate 17327-16823 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 17917-16823 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 17327-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases CBL-Mariner Releases 17327-16823 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17327-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Information published.</p> Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3567 Use After Free 17832-16823 17832-16823 Important 17832-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17832-16823 CBL-Mariner Releases 17832-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-35945 Incomplete Cleanup 17866-16823 18338-16823 18339-16823 17454-16823 17464-17084 19671-17084 19686-17084 17866-16823 18338-16823 18339-16823 17454-16823 17464-17084 19671-17084 19686-17084 Important 17866-16823 Important 18338-16823 Important 18339-16823 Important 17454-16823 Important 17464-17084 Important 19671-17084 Important 19686-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17866-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18338-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18339-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17454-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17464-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19671-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19686-17084 CBL-Mariner Releases 17866-16823 No Security Update 18.17.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17866-16823 CBL-Mariner Releases CBL-Mariner Releases 18338-16823 No Security Update 1.46.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18338-16823 CBL-Mariner Releases CBL-Mariner Releases 18339-16823 No Security Update 3.21.4-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18339-16823 CBL-Mariner Releases CBL-Mariner Releases 17454-16823 No Security Update 16.20.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17454-16823 CBL-Mariner Releases CBL-Mariner Releases 17464-17084 No Security Update 3.21.4-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17464-17084 CBL-Mariner Releases 1.0 2023-08-01T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Information published.</p> 1.2 2025-03-15T00:00:00 <p>Added cmake to Azure Linux 3.0 Added nodejs to CBL-Mariner 2.0 Added cmake to CBL-Mariner 2.0 Added nodejs18 to CBL-Mariner 2.0 Added nghttp2 to CBL-Mariner 2.0</p> 1.3 2026-02-18T01:23:35 <p>Information published.</p> TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Inc. Yes CVE-2023-3724 Improper Input Validation 18345-16823 18345-16823 Important 18345-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18345-16823 CBL-Mariner Releases 18345-16823 No Security Update 10.6.9-3.cm2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18345-16823 CBL-Mariner Releases 1.0 2024-12-12T00:00:00 <p>Information published.</p> An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-37453 Out-of-bounds Read 17917-16823 17917-16823 Moderate 17917-16823 4.6 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17917-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases 1.0 2023-07-14T00:00:00 <p>Information published.</p> Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3750 Improper Locking 18367-17084 18367-17084 Moderate 18367-17084 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 18367-17084 CBL-Mariner Releases 18367-17084 No Security Update 10.0.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18367-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2026-02-18T01:01:40 <p>Information published.</p> Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3773 Out-of-bounds Read 17427-17086 17327-16823 19900-17086 17427-17086 17327-16823 19900-17086 Moderate 17427-17086 Moderate 17327-16823 19900-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 17427-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 17327-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 19900-17086 CBL-Mariner Releases 17427-17086 17327-16823 19900-17086 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17427-17086 17327-16823 19900-17086 CBL-Mariner Releases 2.0 2026-02-18T03:09:23 <p>Information published.</p> 1.0 2024-01-21T00:00:00 <p>Information published.</p> Certifi's removal of e-Tugra root certificate <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-37920 Insufficient Verification of Data Authenticity 18418-17084 19937-17084 18418-17084 19937-17084 Critical 18418-17084 Critical 19937-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18418-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19937-17084 CBL-Mariner Releases 18418-17084 No Security Update 2023.05.07-1.cm2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18418-17084 CBL-Mariner Releases CBL-Mariner Releases 19937-17084 No Security Update 2024.02.02-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19937-17084 CBL-Mariner Releases 1.1 2026-02-18T01:29:16 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> Excessive time spent checking DH q parameter value <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-3817 Excessive Iteration 19678-17086 19662-17086 17459-17084 19686-17084 17374-16823 17856-16823 17944-16823 18134-16823 18135-17084 17859-17084 20084-17084 19671-17084 17093-17086 19678-17086 19662-17086 17459-17084 19686-17084 17374-16823 17856-16823 17944-16823 18134-16823 18135-17084 17859-17084 20084-17084 19671-17084 17093-17086 Moderate 19678-17086 19662-17086 Moderate 17459-17084 Moderate 19686-17084 Moderate 17374-16823 Moderate 17856-16823 Moderate 17944-16823 Moderate 18134-16823 Moderate 18135-17084 Moderate 17859-17084 Moderate 20084-17084 Moderate 19671-17084 Moderate 17093-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19678-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19662-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17459-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19686-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17374-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17856-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17944-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18134-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18135-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17859-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20084-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19671-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17093-17086 CBL-Mariner Releases 19678-17086 No Security Update 1.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19678-17086 CBL-Mariner Releases CBL-Mariner Releases 17374-16823 No Security Update 1.0.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17374-16823 CBL-Mariner Releases CBL-Mariner Releases 17856-16823 17859-17084 No Security Update 20230301gitf80f052277c8-37 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17856-16823 17859-17084 CBL-Mariner Releases CBL-Mariner Releases 17944-16823 18135-17084 No Security Update 1.68.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17944-16823 18135-17084 CBL-Mariner Releases CBL-Mariner Releases 18134-16823 No Security Update 1.1.1k-26 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18134-16823 CBL-Mariner Releases CBL-Mariner Releases 20084-17084 No Security Update 3.2.0.azl0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20084-17084 CBL-Mariner Releases 2.0 2026-02-18T01:56:50 <p>Information published.</p> 1.0 2023-08-07T00:00:00 <p>Information published.</p> 1.1 2023-10-11T00:00:00 <p>Added edk2 to CBL-Mariner 2.0</p> 1.2 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.3 2024-06-30T07:00:00 <p>Information published.</p> The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38325 Improper Certificate Validation 1.0 2024-06-30T07:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38426 Out-of-bounds Read 17823-16820 17824-16823 17823-16820 17824-16823 Critical 17823-16820 Critical 17824-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17823-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-28T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID leading to an out-of-bounds read. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38430 Out-of-bounds Read 17823-16820 17824-16823 17823-16820 17824-16823 Critical 17823-16820 Critical 17824-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17823-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-28T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification leading to an out-of-bounds read. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38432 Out-of-bounds Read 17823-16820 17827-16823 17824-16823 17823-16820 17827-16823 17824-16823 Critical 17823-16820 Critical 17827-16823 Critical 17824-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17823-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17827-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17827-16823 No Security Update 5.15.122.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17827-16823 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-28T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3863 Use After Free 17823-16820 17824-16823 17823-16820 17824-16823 Moderate 17823-16820 Moderate 17824-16823 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17823-16820 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> 1.1 2023-08-02T00:00:00 <p>Information published.</p> GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-39130 Out-of-bounds Write 18341-16823 18342-16823 18343-17084 18344-17084 18844-17084 19818-17084 18341-16823 18342-16823 18343-17084 18344-17084 18844-17084 19818-17084 Moderate 18341-16823 Moderate 18342-16823 Moderate 18343-17084 Moderate 18344-17084 Moderate 18844-17084 Moderate 19818-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18341-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18342-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18343-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18844-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19818-17084 CBL-Mariner Releases 18341-16823 No Security Update 11.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18341-16823 CBL-Mariner Releases CBL-Mariner Releases 18342-16823 No Security Update 8.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18342-16823 CBL-Mariner Releases CBL-Mariner Releases 18343-17084 19818-17084 No Security Update 13.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18343-17084 19818-17084 CBL-Mariner Releases CBL-Mariner Releases 18344-17084 No Security Update 8.0.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18344-17084 CBL-Mariner Releases CBL-Mariner Releases 18844-17084 No Security Update 8.0.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18844-17084 CBL-Mariner Releases 1.1 2024-11-09T00:00:00 <p>Added gdb to Azure Linux 3.0 Added gdb to CBL-Mariner 2.0</p> 1.0 2024-11-01T00:00:00 <p>Information published.</p> 1.2 2026-02-18T01:35:01 <p>Information published.</p> Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-4004 Use After Free 17832-16823 17832-16823 Important 17832-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17832-16823 CBL-Mariner Releases 17832-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 CBL-Mariner Releases 1.0 2023-08-05T00:00:00 <p>Information published.</p> Insufficient sanitization of Host header in net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-29406 Interpretation Conflict 19679-17084 19778-17086 17375-16823 18140-16823 18138-16823 18141-17084 18315-17084 19785-17086 19712-17086 19668-17086 17667-17084 19693-17084 17485-17084 19697-17084 19679-17084 19778-17086 17375-16823 18140-16823 18138-16823 18141-17084 18315-17084 19785-17086 19712-17086 19668-17086 17667-17084 19693-17084 17485-17084 19697-17084 Moderate 19679-17084 Moderate 19778-17086 Moderate 17375-16823 Moderate 18140-16823 Moderate 18138-16823 Moderate 18141-17084 Moderate 18315-17084 Moderate 19785-17086 Moderate 19712-17086 Moderate 19668-17086 Moderate 17667-17084 Moderate 19693-17084 Moderate 17485-17084 Moderate 19697-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19679-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19778-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 17375-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 18140-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 18138-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 18141-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 18315-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19785-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19712-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19668-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 17667-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 17485-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 19697-17084 CBL-Mariner Releases 19778-17086 19785-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19778-17086 19785-17086 CBL-Mariner Releases CBL-Mariner Releases 17375-16823 No Security Update 1.21.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17375-16823 CBL-Mariner Releases CBL-Mariner Releases 18140-16823 18138-16823 18141-17084 No Security Update 1.20.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18140-16823 18138-16823 18141-17084 CBL-Mariner Releases 1.1 2026-02-18T02:39:40 <p>Information published.</p> 1.0 2025-09-04T00:12:26 <p>Information published.</p> Segmentation fault in fax3encode in libtiff/tif_fax3.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3618 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 18229-17084 17837-16823 18229-17084 17837-16823 Moderate 18229-17084 Moderate 17837-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18229-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17837-16823 CBL-Mariner Releases 18229-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18229-17084 CBL-Mariner Releases CBL-Mariner Releases 17837-16823 No Security Update 4.5.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17837-16823 CBL-Mariner Releases 1.0 2025-09-03T21:43:13 <p>Information published.</p> 1.1 2026-02-19T01:20:33 <p>Information published.</p> Heap overflow issue with the Lua cjson library used by Redis <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2022-24834 Heap-based Buffer Overflow 19493-16823 19493-16823 Important 19493-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19493-16823 CBL-Mariner Releases 19493-16823 No Security Update 6.2.13-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19493-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Out-of-bounds write when handling split HTTP headers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-28734 Out-of-bounds Write 18842-17084 19663-17084 18842-17084 19663-17084 Important 18842-17084 Important 19663-17084 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 18842-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19663-17084 CBL-Mariner Releases 18842-17084 19663-17084 No Security Update 2.06-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18842-17084 19663-17084 CBL-Mariner Releases 1.0 2023-07-29T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-19T01:02:07 <p>Information published.</p> The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-28735 18842-17084 19663-17084 18842-17084 19663-17084 Important 18842-17084 Important 19663-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18842-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19663-17084 CBL-Mariner Releases 18842-17084 19663-17084 No Security Update 2.06-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18842-17084 19663-17084 CBL-Mariner Releases 1.0 2023-07-29T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2026-02-19T01:02:20 <p>Information published.</p> Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allows an attacker to cause Denial of Service or other unspecified impacts. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-33065 Integer Overflow or Wraparound 18840-17084 17592-17084 18840-17084 17592-17084 Important 18840-17084 Important 17592-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18840-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17592-17084 CBL-Mariner Releases 18840-17084 17592-17084 No Security Update 1.2.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18840-17084 17592-17084 CBL-Mariner Releases 1.1 2026-02-19T01:18:41 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-41409 Integer Overflow or Wraparound 19507-16823 19507-16823 Important 19507-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19507-16823 CBL-Mariner Releases 19507-16823 No Security Update 10.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19507-16823 CBL-Mariner Releases 1.0 2023-07-27T00:00:00 <p>Information published.</p> An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-47085 18815-17084 19905-17084 18815-17084 19905-17084 Important 18815-17084 Important 19905-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18815-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19905-17084 CBL-Mariner Releases 18815-17084 No Security Update 2022.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18815-17084 CBL-Mariner Releases CBL-Mariner Releases 19905-17084 No Security Update 2024.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19905-17084 CBL-Mariner Releases 1.2 2026-02-18T01:24:03 <p>Information published.</p> 1.0 2023-07-31T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner snyk Yes CVE-2023-26136 Improperly Controlled Modification of Object Prototype Attributes (&#39;Prototype Pollution&#39;) 19693-17084 19693-17084 Critical 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 1.0 2025-09-03T21:34:38 <p>Information published.</p> 1.1 2026-02-18T02:58:51 <p>Information published.</p> When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-3482 Missing Authorization 18469-17084 18469-17084 Moderate 18469-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 18469-17084 1.0 2025-09-03T23:08:41 <p>Information published.</p> 1.1 2026-02-18T14:48:34 <p>Information published.</p> During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-3600 Use After Free 18469-17084 18469-17084 Important 18469-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-04T05:09:41 <p>Information published.</p> 1.1 2026-02-18T03:11:48 <p>Information published.</p> Possibility of deadlock in libbpf function sock_hash_delete_elem <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-0160 Improper Locking 18282-16823 18282-16823 Moderate 18282-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18282-16823 CBL-Mariner Releases 18282-16823 No Security Update 5.15.131.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18282-16823 CBL-Mariner Releases 1.0 2023-07-28T00:00:00 <p>Information published.</p> Race condition exists in the key generation and rotation functionality <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-1672 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 18348-16823 18348-16823 Moderate 18348-16823 5.3 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 18348-16823 CBL-Mariner Releases 18348-16823 No Security Update 14-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18348-16823 CBL-Mariner Releases 1.0 2023-07-20T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22005 18287-16823 18287-16823 Moderate 18287-16823 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22008 18287-16823 18287-16823 Moderate 18287-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22038 18287-16823 18287-16823 Low 18287-16823 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22046 18287-16823 18287-16823 Moderate 18287-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22048 18287-16823 18287-16823 Low 18287-16823 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22056 18287-16823 18287-16823 Moderate 18287-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22057 18287-16823 18287-16823 Moderate 18287-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2023-22058 18287-16823 18287-16823 Moderate 18287-16823 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 18287-16823 CBL-Mariner Releases 18287-16823 No Security Update 8.0.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18287-16823 CBL-Mariner Releases 1.0 2023-07-26T00:00:00 <p>Information published.</p> A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-2430 Improper Locking 18259-16823 18259-16823 Moderate 18259-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18259-16823 CBL-Mariner Releases 18259-16823 No Security Update 5.15.137.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18259-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> AES-SIV implementation ignores empty associated data entries <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner OpenSSL Software Foundation Yes CVE-2023-2975 Improper Validation of Integrity Check Value 19809-17086 17459-17084 17178-16823 17238-17086 19809-17086 17459-17084 17178-16823 17238-17086 19809-17086 Moderate 17459-17084 Moderate 17178-16823 Moderate 17238-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 19809-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17459-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17178-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 17238-17086 CBL-Mariner Releases 19809-17086 17178-16823 17238-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19809-17086 17178-16823 17238-17086 CBL-Mariner Releases 1.0 2024-11-28T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:21:14 <p>Information published.</p> Rejected reason: We issued this CVE pre-maturely as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner hackerone Yes CVE-2023-32001 19668-17086 18295-17084 18337-16823 17953-16823 17878-17084 19668-17086 18295-17084 18337-16823 17953-16823 17878-17084 19668-17086 18295-17084 Moderate 18337-16823 Moderate 17953-16823 Moderate 17878-17084 CBL-Mariner Releases 18295-17084 17878-17084 No Security Update 2.16.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18295-17084 17878-17084 CBL-Mariner Releases CBL-Mariner Releases 18337-16823 No Security Update 8.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18337-16823 CBL-Mariner Releases CBL-Mariner Releases 17953-16823 No Security Update 1.72.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17953-16823 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> Session setup memory exhaustion denial-of-service vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32247 Missing Release of Memory after Effective Lifetime 17832-16823 17828-16823 17832-16823 17828-16823 Important 17832-16823 Important 17828-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17832-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17828-16823 CBL-Mariner Releases 17832-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 CBL-Mariner Releases CBL-Mariner Releases 17828-16823 No Security Update 5.15.145.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17828-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Information published.</p> Session race condition remote code execution vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32250 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17823-16820 17828-16823 17829-16823 17823-16820 17828-16823 17829-16823 Important 17823-16820 Important 17828-16823 Important 17829-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17823-16820 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17828-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17829-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17828-16823 No Security Update 5.15.145.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17828-16823 CBL-Mariner Releases CBL-Mariner Releases 17829-16823 No Security Update 5.15.118.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17829-16823 CBL-Mariner Releases 1.0 2023-07-18T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Session null pointer dereference denial-of-service vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32252 NULL Pointer Dereference 17917-16823 17828-16823 17917-16823 17828-16823 Important 17917-16823 Important 17828-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17917-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17828-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases CBL-Mariner Releases 17828-16823 No Security Update 5.15.145.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17828-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Information published.</p> Tree connection race condition remote code execution vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-32254 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17823-16820 17828-16823 17829-16823 17823-16820 17828-16823 17829-16823 Important 17823-16820 Important 17828-16823 Important 17829-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17823-16820 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17828-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17829-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17828-16823 No Security Update 5.15.145.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17828-16823 CBL-Mariner Releases CBL-Mariner Releases 17829-16823 No Security Update 5.15.118.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17829-16823 CBL-Mariner Releases 1.0 2023-07-18T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner php Yes CVE-2023-3247 Use of Insufficiently Random Values 18329-16823 18329-16823 Moderate 18329-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 18329-16823 CBL-Mariner Releases 18329-16823 No Security Update 8.1.22-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18329-16823 CBL-Mariner Releases 1.0 2023-07-22T00:00:00 <p>Information published.</p> Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3269 Use After Free 17823-16820 17327-16823 17824-16823 17823-16820 17327-16823 17824-16823 Important 17823-16820 Important 17327-16823 Important 17824-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17327-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17327-16823 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17327-16823 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-20T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-33952 Double Free 17917-16823 17327-16823 17917-16823 17327-16823 Moderate 17917-16823 Moderate 17327-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17917-16823 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17327-16823 CBL-Mariner Releases 17917-16823 No Security Update 5.15.135.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17917-16823 CBL-Mariner Releases CBL-Mariner Releases 17327-16823 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17327-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> 1.1 2023-07-31T00:00:00 <p>Information published.</p> Excessive time spent checking DH keys and parameters <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openssl Yes CVE-2023-3446 Inefficient Regular Expression Complexity 17459-17084 17238-17086 17178-16823 18093-16823 19809-17086 17459-17084 17238-17086 17178-16823 18093-16823 19809-17086 Moderate 17459-17084 Moderate 17238-17086 Moderate 17178-16823 Moderate 18093-16823 19809-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17459-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17238-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17178-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 18093-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19809-17086 CBL-Mariner Releases 17238-17086 17178-16823 19809-17086 No Security Update 1.0.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17238-17086 17178-16823 19809-17086 CBL-Mariner Releases CBL-Mariner Releases 18093-16823 No Security Update 1.1.1k-28 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18093-16823 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-11-28T00:00:00 <p>Added hvloader to CBL-Mariner 2.0 Added openssl to CBL-Mariner 2.0</p> 2.0 2026-02-19T01:21:03 <p>Information published.</p> Use-after-free in Linux kernel's net/sched: cls_u32 component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-3609 Use After Free 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-08-01T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's netfilter: nf_tables component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-3610 Use After Free 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-08-01T00:00:00 <p>Information published.</p> Out-of-bounds write in Linux kernel's net/sched: sch_qfq component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-3611 Out-of-bounds Write 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-08-01T00:00:00 <p>Information published.</p> Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-37460 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 18346-16823 18347-17084 18346-16823 18347-17084 Critical 18346-16823 Critical 18347-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18346-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18347-17084 CBL-Mariner Releases 18346-16823 18347-17084 No Security Update 1.5.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18346-16823 18347-17084 CBL-Mariner Releases 1.0 2023-07-31T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Kernel: xfrm: null pointer dereference in xfrm_update_ae_params() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3772 NULL Pointer Dereference 19900-17086 17427-17086 17327-16823 19900-17086 17427-17086 17327-16823 19900-17086 Moderate 17427-17086 Moderate 17327-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19900-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17427-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17327-16823 CBL-Mariner Releases 19900-17086 17427-17086 17327-16823 No Security Update 5.15.158.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19900-17086 17427-17086 17327-16823 CBL-Mariner Releases 2.0 2026-02-18T03:09:35 <p>Information published.</p> 1.0 2024-01-21T00:00:00 <p>Information published.</p> Use-after-free in Linux kernel's net/sched: cls_fw component <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2023-3776 Use After Free 17823-16820 17824-16823 17823-16820 17824-16823 Important 17823-16820 Important 17824-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17823-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-08-01T00:00:00 <p>Information published.</p> Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3812 Out-of-bounds Write 17832-16823 17832-16823 Important 17832-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17832-16823 CBL-Mariner Releases 17832-16823 No Security Update 5.15.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17832-16823 CBL-Mariner Releases 1.0 2023-08-03T00:00:00 <p>Information published.</p> An issue was discovered in Qt before 5.15.15 6.x before 6.2.10 and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38197 Loop with Unreachable Exit Condition ('Infinite Loop') 18333-16823 18333-16823 Important 18333-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18333-16823 CBL-Mariner Releases 18333-16823 No Security Update 5.12.11-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18333-16823 CBL-Mariner Releases 1.0 2023-07-31T00:00:00 <p>Information published.</p> iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38403 Integer Overflow or Wraparound 18340-16823 18340-16823 Important 18340-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18340-16823 CBL-Mariner Releases 18340-16823 No Security Update 3.14-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18340-16823 CBL-Mariner Releases 1.0 2023-08-01T00:00:00 <p>Information published.</p> The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38408 Unquoted Search Path or Element 17825-16820 17826-16823 17825-16820 17826-16823 Critical 17825-16820 Critical 17826-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17825-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17826-16823 CBL-Mariner Releases 17825-16820 No Security Update 8.9p1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17825-16820 CBL-Mariner Releases CBL-Mariner Releases 17826-16823 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17826-16823 CBL-Mariner Releases 1.0 2023-07-31T00:00:00 <p>Information published.</p> An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38409 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 17823-16820 17827-16823 17824-16823 17823-16820 17827-16823 17824-16823 Moderate 17823-16820 Moderate 17827-16823 Moderate 17824-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17823-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17827-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17827-16823 No Security Update 5.15.122.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17827-16823 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-27T00:00:00 <p>Information published.</p> 1.1 2023-08-01T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38427 Out-of-bounds Read 17823-16820 17824-16823 17823-16820 17824-16823 Critical 17823-16820 Critical 17824-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17823-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-28T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer leading to an out-of-bounds read. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38428 Out-of-bounds Read 17823-16820 17824-16823 17823-16820 17824-16823 Critical 17823-16820 Critical 17824-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17823-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-28T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38429 Off-by-one Error 17823-16820 17824-16823 17823-16820 17824-16823 Critical 17823-16820 Critical 17824-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17823-16820 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-28T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes via pdu_size in ksmbd_conn_handler_loop leading to an out-of-bounds read. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-38431 Out-of-bounds Read 17823-16820 17824-16823 17823-16820 17824-16823 Critical 17823-16820 Critical 17824-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17823-16820 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17824-16823 CBL-Mariner Releases 17823-16820 No Security Update 5.10.188.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17823-16820 CBL-Mariner Releases CBL-Mariner Releases 17824-16823 No Security Update 5.15.122.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17824-16823 CBL-Mariner Releases 1.0 2023-07-28T00:00:00 <p>Information published.</p> GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-39128 Out-of-bounds Write 18844-17084 19818-17084 18341-16823 18342-16823 18343-17084 18344-17084 18844-17084 19818-17084 18341-16823 18342-16823 18343-17084 18344-17084 Moderate 18844-17084 Moderate 19818-17084 Moderate 18341-16823 Moderate 18342-16823 Moderate 18343-17084 Moderate 18344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18844-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19818-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18341-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18342-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18343-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18344-17084 CBL-Mariner Releases 18844-17084 No Security Update 8.0.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18844-17084 CBL-Mariner Releases CBL-Mariner Releases 19818-17084 18343-17084 No Security Update 13.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19818-17084 18343-17084 CBL-Mariner Releases CBL-Mariner Releases 18341-16823 No Security Update 11.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18341-16823 CBL-Mariner Releases CBL-Mariner Releases 18342-16823 No Security Update 8.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18342-16823 CBL-Mariner Releases CBL-Mariner Releases 18344-17084 No Security Update 8.0.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18344-17084 CBL-Mariner Releases 1.0 2024-11-01T00:00:00 <p>Information published.</p> 1.1 2024-11-09T00:00:00 <p>Added gdb to Azure Linux 3.0 Added gdb to CBL-Mariner 2.0</p> 1.2 2026-02-18T01:28:52 <p>Information published.</p> GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-39129 Use After Free 18844-17084 18341-16823 18342-16823 18343-17084 18344-17084 19818-17084 18844-17084 18341-16823 18342-16823 18343-17084 18344-17084 19818-17084 Moderate 18844-17084 Moderate 18341-16823 Moderate 18342-16823 Moderate 18343-17084 Moderate 18344-17084 Moderate 19818-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18844-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18341-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18342-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18343-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19818-17084 CBL-Mariner Releases 18844-17084 No Security Update 8.0.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18844-17084 CBL-Mariner Releases CBL-Mariner Releases 18341-16823 No Security Update 11.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18341-16823 CBL-Mariner Releases CBL-Mariner Releases 18342-16823 No Security Update 8.0.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18342-16823 CBL-Mariner Releases CBL-Mariner Releases 18343-17084 19818-17084 No Security Update 13.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18343-17084 19818-17084 CBL-Mariner Releases CBL-Mariner Releases 18344-17084 No Security Update 8.0.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18344-17084 CBL-Mariner Releases 1.0 2024-11-01T00:00:00 <p>Information published.</p> 1.1 2024-11-09T00:00:00 <p>Added gdb to Azure Linux 3.0 Added gdb to CBL-Mariner 2.0</p> 1.2 2026-02-18T01:33:57 <p>Information published.</p> A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-40896 Unrestricted Upload of File with Dangerous Type 18836-17084 18836-17084 Moderate 18836-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18836-17084 CBL-Mariner Releases 18836-17084 No Security Update 2.4.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18836-17084 CBL-Mariner Releases 1.0 2025-10-01T23:11:24 <p>Information published.</p> Integer underflow in grub_net_recv_ip4_packets <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-28733 Integer Underflow (Wrap or Wraparound) 18842-17084 19663-17084 18842-17084 19663-17084 Important 18842-17084 Important 19663-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18842-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19663-17084 CBL-Mariner Releases 18842-17084 19663-17084 No Security Update 2.06-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18842-17084 19663-17084 CBL-Mariner Releases 1.2 2026-02-19T01:01:54 <p>Information published.</p> 1.0 2023-07-29T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> There's a use-after-free vulnerability in grub_cmd_chainloader() function <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-28736 Use After Free 18842-17084 19663-17084 18842-17084 19663-17084 Important 18842-17084 Moderate 19663-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18842-17084 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 19663-17084 CBL-Mariner Releases 18842-17084 19663-17084 No Security Update 2.06-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18842-17084 19663-17084 CBL-Mariner Releases 1.2 2026-02-19T01:02:32 <p>Information published.</p> 1.0 2023-07-29T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2022-28737 Out-of-bounds Write 19885-17084 19887-17084 19890-17084 17012-17084 17013-17084 18175-17084 19885-17084 19887-17084 19890-17084 17012-17084 17013-17084 18175-17084 Moderate 19885-17084 Moderate 19887-17084 Moderate 19890-17084 Important 17012-17084 Important 17013-17084 Important 18175-17084 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 19885-17084 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 19887-17084 6.5 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 19890-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17012-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17013-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18175-17084 CBL-Mariner Releases 19885-17084 19887-17084 19890-17084 17012-17084 17013-17084 18175-17084 No Security Update 15.8-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19885-17084 19887-17084 19890-17084 17012-17084 17013-17084 18175-17084 CBL-Mariner Releases 1.2 2024-12-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 1.3 2024-12-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 1.4 2024-12-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 1.5 2024-12-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.0 2024-12-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.1 2024-12-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.2 2024-12-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.3 2024-12-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.4 2024-12-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.5 2024-12-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.7 2024-12-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.8 2024-12-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.5 2024-12-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.7 2025-01-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.8 2025-01-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.0 2025-01-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.1 2025-01-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.2 2025-01-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.5 2025-01-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.7 2025-01-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.9 2025-01-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.0 2025-01-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.3 2025-01-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.6 2025-01-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.7 2025-01-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.8 2025-01-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.0 2025-01-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.3 2025-01-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.4 2025-02-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.8 2025-02-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.9 2025-02-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.0 2025-02-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.4 2025-02-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.5 2025-02-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.9 2025-02-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.1 2025-02-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.6 2025-02-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.8 2025-02-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.9 2025-02-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.1 2025-03-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.3 2025-03-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.5 2025-03-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.6 2025-03-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.7 2025-03-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.0 2025-03-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.1 2025-03-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.6 2025-03-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.9 2025-03-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.0 2025-03-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.1 2025-03-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.2 2025-03-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.5 2025-03-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.6 2025-03-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.9 2025-03-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.0 2025-04-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.2 2025-04-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.5 2025-04-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.3 2025-04-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.5 2025-04-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.8 2025-04-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.4 2025-04-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.5 2025-04-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.6 2025-04-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.9 2025-05-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.1 2025-05-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.3 2025-05-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.7 2025-05-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.8 2025-05-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.0 2025-05-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.6 2025-05-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.7 2025-05-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 17.1 2025-05-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 17.2 2025-05-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 19.0 2025-05-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 22.1 2026-02-18T02:00:06 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-12-07T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 1.6 2024-12-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 1.7 2024-12-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 1.8 2024-12-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 1.9 2024-12-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.6 2024-12-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 2.9 2024-12-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.0 2024-12-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.1 2024-12-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.2 2024-12-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.3 2024-12-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.4 2024-12-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.6 2025-01-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 3.9 2025-01-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.3 2025-01-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.4 2025-01-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.6 2025-01-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 4.8 2025-01-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.1 2025-01-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.2 2025-01-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.4 2025-01-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.5 2025-01-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 5.9 2025-01-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.1 2025-01-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.2 2025-01-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.5 2025-02-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.6 2025-02-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 6.7 2025-02-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.1 2025-02-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.2 2025-02-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.3 2025-02-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.6 2025-02-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.7 2025-02-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 7.8 2025-02-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.0 2025-02-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.2 2025-02-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.3 2025-02-21T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.4 2025-02-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.5 2025-02-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 8.7 2025-02-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.0 2025-02-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.2 2025-03-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.4 2025-03-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.8 2025-03-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 9.9 2025-03-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.2 2025-03-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.3 2025-03-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.4 2025-03-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.5 2025-03-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.7 2025-03-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 10.8 2025-03-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.3 2025-03-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.4 2025-03-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.7 2025-03-29T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 11.8 2025-03-30T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.1 2025-04-03T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.3 2025-04-05T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.4 2025-04-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.6 2025-04-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.7 2025-04-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.8 2025-04-11T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 12.9 2025-04-12T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.0 2025-04-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.1 2025-04-14T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.2 2025-04-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.4 2025-04-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.6 2025-04-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.7 2025-04-20T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 13.9 2025-04-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.0 2025-04-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.1 2025-04-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.2 2025-04-25T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.3 2025-04-26T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.7 2025-05-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 14.8 2025-05-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.0 2025-05-04T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.2 2025-05-06T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.4 2025-05-08T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.5 2025-05-09T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.6 2025-05-10T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 15.9 2025-05-13T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.1 2025-05-15T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.2 2025-05-16T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.3 2025-05-17T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.4 2025-05-18T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.5 2025-05-19T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.8 2025-05-22T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 16.9 2025-05-23T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 17.0 2025-05-24T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 17.3 2025-05-27T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 18.0 2025-05-28T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 20.0 2025-05-31T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 21.0 2025-06-01T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> 22.0 2025-06-02T00:00:00 <p>Added shim to Azure Linux 3.0 Added shim-unsigned-aarch64 to Azure Linux 3.0 Added shim to CBL-Mariner 2.0</p> An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0 results in a write out of bound which allows an attacker to execute arbitrary code Denial of Service or other unspecified impacts. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2022-33064 Off-by-one Error 18841-17084 20068-17084 18841-17084 20068-17084 Important 18841-17084 Important 20068-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18841-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20068-17084 CBL-Mariner Releases 18841-17084 20068-17084 No Security Update 1.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18841-17084 20068-17084 CBL-Mariner Releases 1.1 2026-02-19T01:18:31 <p>Information published.</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-3019 Use After Free 18160-16823 19662-17086 17093-17086 18160-16823 19662-17086 17093-17086 Moderate 18160-16823 19662-17086 Moderate 17093-17086 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 18160-16823 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 19662-17086 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 17093-17086 CBL-Mariner Releases 18160-16823 19662-17086 17093-17086 No Security Update 6.2.0-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18160-16823 19662-17086 17093-17086 CBL-Mariner Releases 1.0 2025-04-17T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:52:31 <p>Information published.</p> Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-37732 NULL Pointer Dereference 18417-17084 18417-17084 Moderate 18417-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18417-17084 CBL-Mariner Releases 18417-17084 No Security Update 1.3.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18417-17084 CBL-Mariner Releases 2.0 2025-07-11T00:00:00 <p>Added yasm to CBL-Mariner 2.0 Added yasm to Azure Linux 3.0</p> 1.0 2025-05-27T00:00:00 <p>Information published.</p> Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-37464 Use of a Broken or Risky Cryptographic Algorithm 1.0 2025-08-07T00:00:00 <p>Information published.</p> An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2021-32256 Out-of-bounds Write 19280-17084 18315-17084 19280-17084 18315-17084 Moderate 19280-17084 Moderate 18315-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19280-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 18315-17084 CBL-Mariner Releases 19280-17084 18315-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19280-17084 18315-17084 CBL-Mariner Releases 1.0 2025-09-04T00:08:01 <p>Information published.</p> 1.1 2026-02-18T15:02:46 <p>Information published.</p> Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2023-37203 18469-17084 18469-17084 Important 18469-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-04T04:35:56 <p>Information published.</p> 1.1 2026-02-18T03:10:45 <p>Information published.</p> .NET and Visual Studio Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by abusing the .NET diagnostics server to gain elevation of privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p> .NET and Visual Studio Microsoft Yes CVE-2023-33127 Insufficient Granularity of Access Control 12009 12130 11969 12051 12129 12187 11970 12131 Elevation of Privilege 12009 Elevation of Privilege 12130 Elevation of Privilege 11969 Elevation of Privilege 12051 Elevation of Privilege 12129 Elevation of Privilege 12187 Elevation of Privilege 11970 Elevation of Privilege 12131 Important 12009 Important 12130 Important 11969 Important 12051 Important 12129 Important 12187 Important 11970 Important 12131 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12009 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12130 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12129 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12187 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11970 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12131 5028705 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.20 5028706 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.9 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.23 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.17 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.9 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.5 Release Notes https://github.com/PowerShell/Announcements/issues/48 11970 Maybe Security Update 7.2.13 Release Notes https://github.com/PowerShell/Announcements/issues/48 12131 Maybe Security Update 7.3.6 <a href="https://twitter.com/bohops">Jimmy Bayne</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> 2.0 2023-07-14T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/48">https://github.com/PowerShell/Announcements/issues/48</a> for more information.</p> Windows Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Graphics Component Microsoft Yes CVE-2023-21756 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Input and Composition Servicing team 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Office Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a local attack potentially enabling access to the victim user's information, the ability to alter information, or the ability to cause downtime to the target environment.</p> Microsoft Office Microsoft Yes CVE-2023-33148 Improper Link Resolution Before File Access ('Link Following') 11441 11442 11573 11574 11762 11763 11952 11953 Elevation of Privilege 11441 Elevation of Privilege 11442 Elevation of Privilege 11573 Elevation of Privilege 11574 Elevation of Privilege 11762 Elevation of Privilege 11763 Elevation of Privilege 11952 Elevation of Privilege 11953 Important 11441 Important 11442 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11441 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11442 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11441 11442 Maybe Security Update 15.0.5571.1000 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases Ruslan Sayfiev and Denis Faiustov 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Office Graphics Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Graphics Component Microsoft Yes CVE-2023-33149 Use After Free 11573 11574 11575 11762 11763 11951 11952 11953 10753 10754 10603 10601 10602 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10603 Remote Code Execution 10601 Remote Code Execution 10602 Important 11573 Important 11574 Important 11575 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10753 Important 10754 Important 10603 Important 10601 Important 10602 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10603 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10601 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10602 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.75.23070901 5002419 https://www.microsoft.com/download/details.aspx?familyid=2c122751-60ad-444b-a4d5-9a1f28fce02f 5002288 10753 Maybe Security Update 16.0.5404.1000 4493154 https://www.microsoft.com/download/details.aspx?familyid=1d17dc49-9be0-4096-be26-21792a668f41 4011628 10753 Maybe Security Update 16.0.5404.1000 5002419 https://www.microsoft.com/download/details.aspx?familyid=9bb0ea52-2b77-4dfc-a29b-dc91bdce2a2f 5002288 10754 Maybe Security Update 16.0.5404.1000 4493154 https://www.microsoft.com/download/details.aspx?familyid=80914a0e-705a-4fde-8b93-eec2b93ec4aa 4011628 10754 Maybe Security Update 16.0.5404.1000 5002400 5002279 10603 Maybe Security Update 15.0.5571.1000 5001952 4464542 10603 Maybe Security Update 15.0.5571.1000 5002400 https://www.microsoft.com/download/details.aspx?familyid=11240aa6-efa8-405a-bc94-b21d63fd3f58 5002279 10601 Maybe Security Update 15.0.5571.1000 5001952 https://www.microsoft.com/download/details.aspx?familyid=39ddb11c-326a-41cf-9e4f-53aec3e84f1b 4464542 10601 Maybe Security Update 15.0.5571.1000 5002400 https://www.microsoft.com/download/details.aspx?familyid=999e0e2f-40cb-45e9-8800-ebf40a015113 5002279 10602 Maybe Security Update 15.0.5571.1000 5001952 https://www.microsoft.com/download/details.aspx?familyid=ea456615-ad5a-418b-87c6-2a872a8a08d2 4464542 10602 Maybe Security Update 15.0.5571.1000 willJ of vulnerability research institute 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Office Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires the victim to open a specially crafted file and click through Office Security Prompt(s). An attacker would have no way to force users to open the file.,</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p><strong>Is the Attachment Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability would allow an attacker to escape the Office Protected View.</p> <p><strong>Is Application Guard for Office affected by this vulnerability?</strong></p> <p>No. Customers using Application Guard for Office are not affected.</p> Microsoft Office Microsoft Yes CVE-2023-33150 11573 11574 11762 11763 11952 11953 10746 10747 10606 10604 10605 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 10746 Security Feature Bypass 10747 Security Feature Bypass 10606 Security Feature Bypass 10604 Security Feature Bypass 10605 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10746 Important 10747 Important 10606 Important 10604 Important 10605 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10606 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10604 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10605 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 5002406 https://www.microsoft.com/download/details.aspx?familyid=93d645ac-18be-46ba-9d69-0e8809abb9e7 5002369 10746 Maybe Security Update 16.0.5404.1000 5002406 https://www.microsoft.com/download/details.aspx?familyid=6a1d54e8-3174-4ea1-8d22-64771dadf0a2 5002369 10747 Maybe Security Update 16.0.5404.1000 5002411 5002365 10606 Maybe Security Update 15.0.5571.1000 5002411 https://www.microsoft.com/download/details.aspx?familyid=6ad28c95-26f4-4f58-8b35-439465af8563 5002365 10604 Maybe Security Update 15.0.5571.1000 5002411 https://www.microsoft.com/download/details.aspx?familyid=0b891df8-0c92-491d-8be1-2696a57a1a45 5002365 10605 Maybe Security Update 15.0.5571.1000 Ben Lichtman 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Outlook Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes. The Preview Pane is an attack vector, but additional user interaction is required.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of NetNTLMv2 hashes.</p> <p><strong>After I installed the July 2023 security updates for Outlook, I can no longer access UNC, SMB, or file:// type URLs from my Outlook. How do I prevent this from happening?</strong></p> <p>The July 2023 Outlook security updates limit access to UNC, SMB, and file:// type URLs to only those the system identifies as Local, Intranet, or Trusted Sites. Additionally, when you click a link for one of these UNC, SMB, or file:// type URLs, a confirmation dialog will be displayed. To ensure continued access, add the URL, UNC, or FQDN path to the Trusted Site Zone as described in <a href="https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/intranet-site-identified-as-an-internet-site">Intranet site is identified as Internet site - Windows Client | Microsoft Learn</a>.</p> <p>For more information see <a href="https://support.microsoft.com/en-us/office/outlook-blocks-opening-fqdn-and-ip-address-hyperlinks-after-installing-protections-for-microsoft-outlook-security-feature-bypass-vulnerability-released-july-11-2023-4a5160b4-76d0-465b-9809-60837bbd35a8">Outlook blocks opening FQDN and IP address hyperlinks after installing protections for Microsoft Outlook Security Feature Bypass Vulnerability released July 11, 2023</a>.</p> Microsoft Office Outlook Microsoft Yes CVE-2023-33151 11952 11763 11762 11953 10766 11573 10317 10318 10407 11574 10765 Spoofing 11952 Spoofing 11763 Spoofing 11762 Spoofing 11953 Spoofing 10766 Spoofing 11573 Spoofing 10317 Spoofing 10318 Spoofing 10407 Spoofing 11574 Spoofing 10765 Important 11952 Important 11763 Important 11762 Important 11953 Important 10766 Important 11573 Important 10317 Important 10318 Important 10407 Important 11574 Important 10765 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10766 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10317 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10407 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10765 Click to Run 11952 11763 11762 11953 11573 11574 No Security Update https://aka.ms/OfficeSecurityReleases 5002427 https://www.microsoft.com/download/details.aspx?familyid=dcb65391-061a-4dc2-ae06-83ed610f7f81 5002387 10766 Maybe Security Update 16.0.5404.1000 5029827 https://support.microsoft.com/help/5029827 10766 10765 5002432 https://www.microsoft.com/download/details.aspx?familyid=168ce814-7e8d-499c-ab3d-2dbaad8c2f10 5002382 10317 Maybe Security Update 15.0.5571.1000 5002432 https://www.microsoft.com/download/details.aspx?familyid=91d8c005-a747-4a7d-906d-bb046ef85020 5002382 10318 Maybe Security Update 15.0.5571.1000 5002432 5002382 10407 Maybe Security Update 15.0.5571.1000 5002427 https://www.microsoft.com/download/details.aspx?familyid=d1a6716a-9986-4e16-aadb-0825ffdb28e1 5002387 10765 Maybe Security Update 16.0.5404.1000 Jordan Hopkins - Rootshell Security 1.0 2023-07-11T07:00:00 <p>Information published.</p> 1.1 2023-07-21T07:00:00 <p>Added an FAQ to explain what customers should do if they run into issues opening UNC, SMB, and file:// type URLs after installing the July 2023 Outlook updates. This is an informational change only.</p> Microsoft ActiveX Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the victim to open a document and click through multiple warning popups for the attack to be initiated.</p> Microsoft Office Access Microsoft Yes CVE-2023-33152 Heap-based Buffer Overflow 11573 11574 11762 11763 11952 11953 10753 10754 10603 10601 10602 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10603 Remote Code Execution 10601 Remote Code Execution 10602 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10753 Important 10754 Important 10603 Important 10601 Important 10602 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10603 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10601 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10602 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 5002058 https://www.microsoft.com/download/details.aspx?familyid=9d0a37cf-5a86-412d-a369-85761a663aab 4461476 10753 Maybe Security Update 16.0.5404.1000 5002058 https://www.microsoft.com/download/details.aspx?familyid=a740df05-5ba4-47b6-a678-6ee97245d534 4461476 10754 Maybe Security Update 16.0.5404.1000 5002069 4018332 10603 Maybe Security Update 15.0.5571.1000 5002069 https://www.microsoft.com/download/details.aspx?familyid=1a89f794-b3f5-49b4-b506-1aececc70225 4018332 10601 Maybe Security Update 15.0.5571.1000 5002069 https://www.microsoft.com/download/details.aspx?familyid=1968517d-bcfa-485c-be14-7606068af3ee 4018332 10602 Maybe Security Update 15.0.5571.1000 <a href="https://twitter.com/laughing_mantis">Greg Linares (@Laughing_Mantis)</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Outlook Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Office Outlook Microsoft Yes CVE-2023-33153 Use After Free 11573 11574 11762 11763 11952 11953 10753 10754 10603 10601 10602 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10603 Remote Code Execution 10601 Remote Code Execution 10602 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10753 Important 10754 Important 10603 Important 10601 Important 10602 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11573 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11574 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11762 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11763 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11952 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11953 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10753 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10754 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10603 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10601 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 10602 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases 4475581 https://www.microsoft.com/download/details.aspx?familyid=f965b849-03d8-44a2-81e5-b651d5f8e813 10753 Maybe Security Update 16.0.5404.1000 4475581 https://www.microsoft.com/download/details.aspx?familyid=9ee1e286-4b0a-4d06-b242-ae808e529086 10754 Maybe Security Update 16.0.5404.1000 4464506 10603 Maybe Security Update 15.0.5571.1000 4464506 https://www.microsoft.com/download/details.aspx?familyid=23989888-3677-47c3-aae2-e17e3eb9daa6 10601 Maybe Security Update 15.0.5571.1000 4464506 https://www.microsoft.com/download/details.aspx?familyid=4fa649ae-605f-4409-8b8a-f07f8d106339 10602 Maybe Security Update 15.0.5571.1000 <a href="https://twitter.com/laughing_mantis">Greg Linares (@Laughing_Mantis)</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker who successfully exploits the vulnerability could download files without the access being logged.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker could bypass the logging of downloaded files.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-33165 Exposure of Sensitive Information to an Unauthorized Actor 11585 11961 Security Feature Bypass 11585 Security Feature Bypass 11961 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11585 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11961 5002423 https://www.microsoft.com/download/details.aspx?familyid=e45e1f77-b009-4ac6-beba-cee83652b9aa 5002402 11585 Maybe Security Update 16.0.10400.20008 5002424 https://www.microsoft.com/download/details.aspx?familyid=829b9115-dcd6-420f-a2b8-15031debf2ba 5002416 11961 Maybe Security Update 16.0.16130.20642 5002424 11961 Sergey Egorov Anonymous 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-33166 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering. with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-33167 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-33168 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-33169 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-33172 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-33173 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Cryptographic Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Cryptographic Services Microsoft Yes CVE-2023-33174 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Failover Cluster Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles “Cluster Admin” and “Cluster Operator” can access this.</p> Windows Cluster Server Microsoft Yes CVE-2023-32033 Use After Free 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-32034 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-32035 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Windows Layer 2 Tunneling Protocol Microsoft Yes CVE-2023-32037 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 greenbamboo 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft ODBC Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.</p> Windows ODBC Driver Microsoft Yes CVE-2023-32038 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (for example you use TLS encryption with certificate validation), the vulnerability cannot be exploited.</p> bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> guoxi with Venustech ADLab 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-32039 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-32040 Untrusted Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Update Orchestrator Service Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows Update Orchestrator Service Microsoft Yes CVE-2023-32041 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 R4nger and Kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> OLE Automation Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows OLE Microsoft Yes CVE-2023-32042 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 R4nger & Kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Remote Desktop Security Feature Bypass Vulnerability <p><strong>What security feature is being bypassed?</strong></p> <p>An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could bypass the certificate validation performed when a targeted user connects to a trusted server.</p> Windows Remote Desktop Microsoft Yes CVE-2023-32043 Use of a Broken or Risky Cryptographic Algorithm 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9312 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10287 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9318 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9344 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10051 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10049 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Lee Riefberg 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing Microsoft Yes CVE-2023-32044 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing Microsoft Yes CVE-2023-32045 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows MSHTML Platform Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MSHTML Platform Microsoft Yes CVE-2023-32046 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028167 5026366 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.001 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 MSTIC MSTIC 1.0 2023-07-11T07:00:00 <p>Information published.</p> Paint 3D Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>6.2305.16087.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.MSPaint</code></p> Paint 3D Microsoft Yes CVE-2023-32047 Heap-based Buffer Overflow 11758 Remote Code Execution 11758 Important 11758 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11758 Release Notes https://www.microsoft.com/en-us/p/paint-3d/9nblggh5fv99#activetab=pivot:overviewtab 11758 Maybe Security Update 6.2305.16087.0 Keqi Hu 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Installer Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Installer Microsoft Yes CVE-2023-32050 Improper Link Resolution Before File Access ('Link Following') 9312 10287 9318 9344 10051 10049 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 JeongOh Kyea of THEORI <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Raw Image Extension Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2023-32051 Integer Overflow or Wraparound 11804-11926 11804-11927 11804-11929 11804-11930 11804-11931 11804-12085 11804-12086 11804-12097 11804-12098 11804-12099 Remote Code Execution 11804-11926 Remote Code Execution 11804-11927 Remote Code Execution 11804-11929 Remote Code Execution 11804-11930 Remote Code Execution 11804-11931 Remote Code Execution 11804-12085 Remote Code Execution 11804-12086 Remote Code Execution 11804-12097 Remote Code Execution 11804-12098 Remote Code Execution 11804-12099 Important 11804-11926 Important 11804-11927 Important 11804-11929 Important 11804-11930 Important 11804-11931 Important 11804-12085 Important 11804-12086 Important 11804-12097 Important 11804-12098 Important 11804-12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11804-12099 Update Information https://apps.microsoft.com/store/detail/raw-image-extension/9NCTDW2W1BH8?hl=en-us&gl=us 11804-11926 11804-11927 11804-11929 11804-11930 11804-11931 11804-12097 11804-12098 11804-12099 Maybe Security Update 2.0.61662.0 Update Information https://apps.microsoft.com/store/detail/raw-image-extension/9NCTDW2W1BH8?hl=en-us&gl=us 11804-12085 11804-12086 Maybe Security Update 2.1.61661.0 Anonymous <a href="https://twitter.com/ze0rx">Guanghui Xia(@ze0r)</a> with Hebei HuaCe 1.0 2023-07-11T07:00:00 <p>Information published.</p> 1.1 2023-09-12T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Online Certificate Status Protocol (OCSP) SnapIn Microsoft Yes CVE-2023-35313 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-35314 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could exploit the vulnerability by sending a specially crafted request to a Windows Server configured as a Layer-2 Bridge.</p> Windows Layer-2 Bridge Network Driver Microsoft Yes CVE-2023-35315 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 greenbamboo 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Remote Procedure Call Microsoft Yes CVE-2023-35316 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Server Update Service Microsoft Yes CVE-2023-35317 Deserialization of Untrusted Data 11571 11572 11923 11924 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 l1k3beef 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-35318 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-35319 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Connected User Experiences and Telemetry Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Connected User Experiences and Telemetry Microsoft Yes CVE-2023-35320 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 <a href="https://twitter.com/kkokkokye">JeongOh Kyea</a> with <a href="https://theori.io/">THEORI</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services Microsoft Yes CVE-2023-35321 Improper Null Termination 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Deployment Services Remote Code Execution Vulnerability <p><strong><strong>How could an attacker exploit this vulnerability?</strong></strong></p> <p><strong>How can attacker successfully exploit this vulnerability?</strong></p> <p>An attacker with user permissions could alter specific variables in the CNTCIR Packet of the WDSMA protocol in order to exploit this vulnerability. For more information about CNTCIR Packet see <a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wdsma/7c79e7c8-091e-4027-886e-5cb8825865b7">CNTCIR Packet</a>.</p> Windows Deployment Services Microsoft Yes CVE-2023-35322 Stack-based Buffer Overflow 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows OLE Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Online Certificate Status Protocol (OCSP) SnapIn Microsoft Yes CVE-2023-35323 Use After Free 11923 11924 11926 11927 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Important 11923 Important 11924 Important 11926 Important 11927 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 kap0k CHEN QINGYANG with Topsec Alpha Team 1.0 2023-07-11T07:00:00 <p>Information published.</p> 1.1 2023-08-16T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-35324 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Print Spooler Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows Print Spooler Components Microsoft Yes CVE-2023-35325 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 R4nger 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows CDP User Components Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Windows CDP User Components Microsoft Yes CVE-2023-35326 Use of Uninitialized Resource 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 R4nger 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Transaction Manager Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Transaction Manager Microsoft Yes CVE-2023-35328 Numeric Truncation Error 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 eputv manavoid 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Authentication Denial of Service Vulnerability Windows Authentication Methods Microsoft Yes CVE-2023-35329 Uncontrolled Resource Consumption 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Anonymous 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Extended Negotiation Denial of Service Vulnerability Windows SPNEGO Extended Negotiation Microsoft Yes CVE-2023-35330 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 liubenjin with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Local Security Authority (LSA) Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> Windows Local Security Authority (LSA) Microsoft Yes CVE-2023-35331 11571 11572 11923 11924 10816 10855 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Remote Desktop Protocol Security Feature Bypass <p><strong>What security feature is bypassed with this vulnerability?</strong></p> <p>The RDP Gateway protocol is enforcing the usage of Datagram Transport Layer Security (DTLS) version 1.0, which is a deprecated (RFC 8996) protocol with known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could compromise the confidentiality and integrity of data when the targeted user connects to a trusted server.</p> Windows Remote Desktop Microsoft Yes CVE-2023-35332 Inadequate Encryption Strength 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10051 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10049 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://il.linkedin.com/in/dordali">Dor Dali</a> with <a href="https://cyolo.io/">Cyolo</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> MediaWiki PandocUpload Extension Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability by uploading a file with the destination name as a malicious payload due to shell arguments not being properly escaped. When successfully exploited this could allow the malicious actor to perform remote code execution.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), and privilege required is low (PR:L). What is the target used in the context of the remote code execution?</strong></p> <p>The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.</p> <p>The privilege requirement is low because the attacker needs to be authenticated as a normal user.</p> Microsoft Media-Wiki Extensions Microsoft Yes CVE-2023-35333 Improper Control of Generation of Code ('Code Injection') 12209 Remote Code Execution 12209 Important 12209 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12209 Release Notes https://github.com/microsoft/MediaWiki-Extensions 12209 Maybe Security Update 1.0.1 <a href="https://blog.bawolff.net/">bawolff</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows MSHTML Platform Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits the vulnerability could craft a malicious URL that would evade zone checks, resulting in a limited loss of integrity and availability on the victim machine.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.</p> <p>To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows except Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Why are IE Cumulative updates listed for Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MSHTML Platform Microsoft Yes CVE-2023-35336 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 5028167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028167 5026366 10483 10543 Yes IE Cumulative 1.001 Roberto Bamberger and Matt Wagenknecht with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K Microsoft Yes CVE-2023-35337 Heap-based Buffer Overflow 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 <a href="https://www.cnblogs.com/feizianquan/">袁子建</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Peer Name Resolution Protocol Denial of Service Vulnerability Windows Peer Name Resolution Protocol Microsoft Yes CVE-2023-35338 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/baixia4">Jarvis_1oop of vulnerability research institute</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows CryptoAPI Denial of Service Vulnerability Windows CryptoAPI Microsoft Yes CVE-2023-35339 Uncontrolled Resource Consumption 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 <a href="https://www.youtube.com/watch">Polar Bear</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows CNG Key Isolation Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows CNG Key Isolation Service Microsoft Yes CVE-2023-35340 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft DirectMusic Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Media Microsoft Yes CVE-2023-35341 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Vipin Kumar with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Image Acquisition Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Image Acquisition Microsoft Yes CVE-2023-35342 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 OUYANG FEI 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Geolocation Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious input file and convince the user to open said input file.</p> Windows Geolocation Service Microsoft Yes CVE-2023-35343 Untrusted Search Path 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 CHEN QINGYANG with Topsec Alpha Team wh1tc & Zhiniang Peng with Sangfor 1.0 2023-07-11T07:00:00 <p>Information published.</p> 1.1 2023-08-24T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Role: DNS Server Microsoft Yes CVE-2023-35344 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Role: DNS Server Microsoft Yes CVE-2023-35345 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Role: DNS Server Microsoft Yes CVE-2023-35346 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities and Mitigations</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Install Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N) but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability cannot access files but can overwrite their contents and potentially cause the service to become unavailable.</p> Windows App Store Microsoft Yes CVE-2023-35347 Improper Link Resolution Before File Access ('Link Following') 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 12099 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> with Infigo IS 1.0 2023-07-11T07:00:00 <p>Information published.</p> Active Directory Federation Service Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker would require access to a low privileged session on the user's device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim's device.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability?</strong></p> <p>By exploiting this vulnerability, an attacker can craft a long-lived assertion and impersonate a victim user affecting the integrity of the assertion.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker can bypass Windows Trusted Platform Module by crafting an assertion and using the assertion to request a Primary Refresh Token from another device.</p> <p><strong>What actions do I need to take to be protected from this vulnerability?</strong></p> <p>To be protected, apply the fix as follows:</p> <p>Install Windows updates released on or after July 11, 2023 on all AD FS servers of the farm. Then, enable the setting by running the following PowerShell command on the primary AD FS server of the farm:</p> <p><code>Set-AdfsProperties-EnforceNonceInJWT Enabled</code></p> <p><strong>Important</strong> You may see authentication failures in certain scenarios when there are clients that are not updated and send JWT authentication requests to the AD FS server. In such cases, we recommend updating all clients by installing the Windows update released on or after July 11, 2023. Alternatively, an administrator can disable the <strong>EnforceNonceInJWT</strong> setting and monitor the AD FS servers for the logging of Event 187 to identify potential requests that could be rejected when <strong>EnforceNonceInJWT</strong> is set to <strong>Enabled</strong>. After confirming the absence of Event 187 on AD FS servers for a defined period of time, the <strong>EnforceNonceInJWT</strong> setting must be updated to <strong>Enabled</strong>.</p> Azure Active Directory Microsoft Yes CVE-2023-35348 Insufficiently Protected Credentials 11571 11572 11923 11924 10816 10855 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11571 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11572 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11923 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11924 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10816 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker with Certificate Authority (CA) read access permissions can send a specially crafted request to a vulnerable Certificate Server. By default, only domain administrators are granted CA read access.</p> Windows Active Directory Certificate Services Microsoft Yes CVE-2023-35350 Heap-based Buffer Overflow 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker with Certificate Authority (CA) read access permissions can send a specially crafted request to a vulnerable Certificate Server. By default, only domain administrators are granted CA read access.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Active Directory Certificate Services Microsoft Yes CVE-2023-35351 Use After Free 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Remote Desktop Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could bypass certificate or private key authentication when establishing a remote desktop protocol session.</p> Windows Remote Desktop Microsoft Yes CVE-2023-35352 11571 11572 11923 11924 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://il.linkedin.com/in/dordali">Dor Dali</a> with <a href="https://cyolo.io/">Cyolo</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Connected User Experiences and Telemetry Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Connected User Experiences and Telemetry Microsoft Yes CVE-2023-35353 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities & Mitigations 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-35356 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-35357 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-35358 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 Mateusz Jurczyk of <a href="https://www.google.com">Google Project Zero</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows NT OS Kernel Microsoft Yes CVE-2023-35360 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows NT OS Kernel Microsoft Yes CVE-2023-35361 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Clip Service Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Clip Service Microsoft Yes CVE-2023-35362 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-35363 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> Windows NT OS Kernel Microsoft Yes CVE-2023-35364 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 <a href="https://twitter.com/ezrak1e">ziming zhang</a> with Ant Security Light-Year Lab 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2023-35365 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <p>This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role, which is not installed and configured by default.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140(v=ws.11)">Routing and Remote Access Server (RRAS) | Microsoft Learn</a> for more information. You might also benefit by reading more about Roles here: <a href="https://learn.microsoft.com/en-us/windows-server/administration/server-core/server-core-roles-and-services">Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn</a>.</p> wkai with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2023-35366 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <p>This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role, which is not installed and configured by default.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140(v=ws.11)">Routing and Remote Access Server (RRAS) | Microsoft Learn</a> for more information. You might also benefit by reading more about Roles here: <a href="https://learn.microsoft.com/en-us/windows-server/administration/server-core/server-core-roles-and-services">Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn</a>.</p> wkai with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2023-35367 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <p>This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role, which is not installed and configured by default.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614140(v=ws.11)">Routing and Remote Access Server (RRAS) | Microsoft Learn</a> for more information. You might also benefit by reading more about Roles here: <a href="https://learn.microsoft.com/en-us/windows-server/administration/server-core/server-core-roles-and-services">Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn</a>.</p> wkai with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2023-07-11T07:00:00 <p>Information published.</p> VP9 Video Extensions Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update <a href="https://www.microsoft.com/Licensing/servicecenter/">https://www.microsoft.com/Licensing/servicecenter/</a>.</p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>1.0.61591.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell: <code>Get-AppxPackage -Name Microsoft.VP9VideoExtensions</code></p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2023-36872 Improper Input Validation 11884 Information Disclosure 11884 Important 11884 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11884 More Information https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 11884 Maybe Security Update 1.0.61591.0 K24 Sec 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Error Reporting Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.</p> Windows Error Reporting Microsoft Yes CVE-2023-36874 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Vlad Stolyarov and Maddie Stone of Googles Threat Analysis Group (TAG) 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Search Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to high loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker can plant a malicious file evading Mark of the Web (MOTW) defenses which can result in code execution on the victim system.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the remote code execution vulnerability.</p> <p>In any case an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.</p> Microsoft Windows Search Component Microsoft Yes CVE-2023-36884 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5029247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029247 5028168 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4737 5029247 https://support.microsoft.com/help/5029247 11568 11569 11570 11571 11572 5029250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029250 5028171 11923 11924 Yes Security Update 10.0.20348.1906 5029250 https://support.microsoft.com/help/5029250 11923 11924 5029367 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029367 11923 11924 No Security Hotpatch Update 10.0.20348.1903 5029253 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029253 5028182 11926 11927 Yes Security Update 10.0.22000.2295 5029244 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029244 5028166 11929 11930 11931 12099 Yes Security Update 10.0.19044.3324 5029244 https://support.microsoft.com/help/5029244 11929 11930 11931 12097 12098 12099 5029263 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029263 5028185 12085 12086 Yes Security Update 10.0.22621.2134 5029263 https://support.microsoft.com/help/5029263 12085 12086 5029244 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029244 5028166 12097 12098 Yes Security Update 10.0.19045.3324 5029259 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029259 5028186 10729 10735 Yes Security Update 10.0.10240.20107 5029242 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029242 5028169 10852 10853 10816 10855 Yes Security Update 10.0.14393.6167 5029318 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029318 5028222 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22216 5029318 https://support.microsoft.com/help/5029318 9312 10287 9318 9344 5029301 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029301 9312 10287 9318 9344 Yes Security Only 6.0.6003.22216 5029301 https://support.microsoft.com/help/5029301 9312 10287 9318 9344 5029296 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029296 5028240 10051 10049 Yes Monthly Rollup 6.1.7601.26664 5029296 https://support.microsoft.com/help/5029296 10051 10049 5029307 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029307 10051 10049 Yes Security Only 6.1.7601.26664 5029307 https://support.microsoft.com/help/5029307 10051 10049 5029295 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029295 5028232 10378 10379 Yes Monthly Rollup 6.2.9200.24414 5029308 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029308 10378 10379 Yes Security Only 6.2.9200.24414 5029312 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029312 5028228 10483 10543 Yes Monthly Rollup 6.3.9600.21503 5029304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029304 10483 10543 Yes Security Only 6.3.9600.21503 Microsoft Office Product Group Security Team <a href="https://twitter.com/@tlansec">Tom Lancaster</a> with <a href="https://www.volexity.com/">Volexity</a> <a href="https://twitter.com/r00tbsd">Paul Rascagneres</a> with <a href="https://www.volexity.com/">Volexity</a> Vlad Stolyarov, Clement Lecigne and Bahare Sabouri of Google’s Threat Analysis Group (TAG) Microsoft Threat Intelligence 1.0 2023-07-11T07:00:00 <p>Information published.</p> 1.1 2023-07-12T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 3.0 2023-08-09T07:00:00 <p>Links on Security Updates table corrected to reflect that the updates that address this vulnerability are the August 2023 Windows updates. Microsoft recommends installing the August 2023 updates as soon as possible.</p> 2.0 2023-08-08T07:00:00 <p>Updated affected software to include just Windows products with links to August 2023 security updates. Adjusted information in the FAQs. The Office updates are documented in <a href="https://msrc.microsoft.com/update-guide/vulnerability/ADV230003">ADV230003</a>.</p> 3.1 2023-10-17T07:00:00 <p>Added an FAQ. This is an information change only.</p> Microsoft Edge for Android (Chromium-based) Tampering Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?</strong></p> <p>The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify limited content of the affected API.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires the victim to open the vulnerable app.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36888 11815 Tampering 11815 Important 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 114.0.1823.82 Tillson Galloway with <a href="https://gatech.edu/">Georgia Tech</a> 1.0 2023-07-13T07:00:00 <p>Information published.</p> Microsoft Edge for iOS Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36883 11966 Spoofing 11966 Moderate 11966 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11966 Release Notes 11966 No Security Update 114.0.1823.82 <a href="https://www.twitter.com/rafaybaloch">Rafay Baloch</a> with <a href="https://cybercitadel.com/">Cyber Citadel</a> 1.0 2023-07-13T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-36887 11655 Remote Code Execution 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 114.0.1823.82 <a href="https://www.talosintelligence.com/">Aleksandar Nikolic</a> with <a href="https://www.cisco.com/">Cisco Talos</a> 1.0 2023-07-13T07:00:00 <p>Information published.</p> Microsoft Edge for Android Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to no loss of availability (A:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker cannot impact the availability of the browser.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to no loss of Confientiality (C:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker cannot obtain information from the vicitm.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-38173 11815 Spoofing 11815 Moderate 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 115.0.1901.183 <a href="https://www.linkedin.com/in/hafiizh-7aa6bb31/">Hafiizh</a> with https://www.linkedin.com/in/hafiizh-7aa6bb31/ 1.0 2023-07-21T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user have multiple browser instances open of the affected version of Microsoft Edge (Chromium-based), one of which is a specially crafted website hosted by the attacker. The user would need to access the URL of the malicious website and then click a popup displayed on that site.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-35392 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.7 4.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 115.0.1901.183 <a href="https://twitter.com/imnarendrabhati">Narendra Bhati</a> with <a href="https://www.linkedin.com/in/imnarendrabhati">Lead Penetration Tester at Suma Soft Pvt. Ltd. Pune, India</a> 1.0 2023-07-21T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify limited content of the affected API.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to no loss of availability (A:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker cannot impact the availability of the browser.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2023-38187 11655 Elevation of Privilege 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 115.0.1901.183 <a href="https://twitter.com/shhnjk">Jun Kokatsu</a> 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3732 Out of bounds memory access in Mojo <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3732 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3728 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3728 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 12142 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3727 Use after free in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3727 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3730 Use after free in Tab Groups <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3730 11655 12142 11655 12142 11655 12142 DOS:N/A Release Notes 11655 12142 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3733 Inappropriate implementation in WebApp Installs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3733 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3734 Inappropriate implementation in Picture In Picture <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3734 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3735 Inappropriate implementation in Web API Permission Prompts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3735 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3736 Inappropriate implementation in Custom Tabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3736 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3737 Inappropriate implementation in Notifications <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3737 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3738 Inappropriate implementation in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3738 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Chromium: CVE-2023-3740 Insufficient validation of untrusted input in Themes <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>115.0.1901.183</td> <td>115.0.5790.98/99</td> <td>7/21/2023</td> </tr> <tr> <td>Extended Stable</td> <td>114.0.1901.183</td> <td>114.0.5735.243</td> <td>7/21/2023</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2023-3740 11655 11655 11655 DOS:N/A Release Notes 11655 No Security Update 115.0.1901.183 1.0 2023-07-21T07:00:00 <p>Information published.</p> Windows Netlogon Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could intercept and potentially modify traffic between client and server systems.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> Windows Netlogon Microsoft Yes CVE-2023-21526 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11570 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9312 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10287 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9318 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9344 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10051 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10049 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 7.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 1.0 2023-07-11T07:00:00 <p>Information published.</p> Guidance on Microsoft Signed Drivers Being Used Maliciously <h2 id="executive-summary">Executive Summary:</h2> <p>Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the drivers.</p> <p>Microsoft has completed its investigation and determined that the activity was limited to the abuse of several developer program accounts and that no Microsoft account compromise has been identified. We’ve suspended the partners' seller accounts and implemented blocking detections for all the reported malicious drivers to help protect customers from this threat.</p> <p><strong>Details:</strong></p> <p>Microsoft was informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers. An investigation was performed when we were notified of this activity by Sophos on February 9, 2023; Trend Micro and Cisco subsequently provided reports containing additional details. This investigation revealed that several developer accounts for the Microsoft Partner Center (MPC) were engaged in submitting malicious drivers to obtain a Microsoft signature. All the developer accounts involved in this incident were immediately suspended.</p> <p>Microsoft has released Window Security updates (see Security Updates table) that untrust drivers and driver signing certificates for the impacted files and has suspended the partners' seller accounts. Additionally, Microsoft has implemented blocking detections (Microsoft Defender 1.391.3822.0 and newer) to help protect customers from legitimately signed drivers that have been used maliciously in post-exploit activity. For more information about how the Windows Code Integrity feature protects Microsoft customers from revoked certificates see: (Notice of additions to the Windows Driver.STL revocation list - Microsoft Support)[https://support.microsoft.com/help/5029033].</p> <p>Microsoft is working with Microsoft Active Protections Program (MAPP) partners to help develop further detections and to better protect our shared customers. Microsoft Partner Center is also working on long-term solutions to address these deceptive practices and prevent future customer impacts.</p> <h2 id="recommended-actions">Recommended Actions:</h2> <p>Microsoft recommends that all customers install the latest Windows updates and ensure their anti-virus and endpoint detection products are up to date with the latest signatures and are enabled to prevent these attacks.</p> <h2 id="frequently-asked-questions">Frequently Asked Questions:</h2> <p><strong>Are any Microsoft services (Azure, M365, XBOX, Etc.) affected by this issue?</strong></p> <p>Microsoft’s services are not affected by this issue. Our investigation has not identified any instances of malicious drivers affecting any of our services.</p> <p><strong>How can customers deploy their own Hypervisor-protected Code Integrity (HVCI) policy to perform detections in their own environment?</strong></p> <p>Updates will be made to the Microsoft Recommended Driver Blocklist - <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules">Microsoft recommended driver block rules (Windows 10) - Windows security | Microsoft Docs</a> policy to perform detections in their own environment.</p> <p>After the full set of malicious files has been locked, customers (enterprise and consumer) can deploy this policy onto devices to block against this malicious file and other malicious and vulnerable drivers on the blocklist. Additionally, enabling Hypervisor-protected Code Integrity (HVCI) will automatically enforce the policy without needing to deploy the policy.</p> <p><strong>How do I determine if any drivers are affected that were installed prior to the available detections were implemented?</strong></p> <p>Offline scans will be required to detect malicious drivers which might have been installed prior to March 2, 2023, when new Microsoft detections were implemented. For more information see <a href="https://support.microsoft.com/en-us/office/remove-malware-from-your-windows-pc-360379ec-153b-4ab4-93ff-85be97789dbb">Remove malware from your Windows PC</a>.</p> Windows Certificates Microsoft Yes ADV230001 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Defense in Depth 11568 Defense in Depth 11569 Defense in Depth 11570 Defense in Depth 11571 Defense in Depth 11572 Defense in Depth 11923 Defense in Depth 11924 Defense in Depth 11926 Defense in Depth 11927 Defense in Depth 11929 Defense in Depth 11930 Defense in Depth 11931 Defense in Depth 12085 Defense in Depth 12086 Defense in Depth 12097 Defense in Depth 12098 Defense in Depth 12099 Defense in Depth 10729 Defense in Depth 10735 Defense in Depth 10852 Defense in Depth 10853 Defense in Depth 10816 Defense in Depth 10855 Defense in Depth 9312 Defense in Depth 10287 Defense in Depth 9318 Defense in Depth 9344 Defense in Depth 10051 Defense in Depth 10049 Defense in Depth 10378 Defense in Depth 10379 Defense in Depth 10483 Defense in Depth 10543 None 11568 None 11569 None 11570 None 11571 None 11572 None 11923 None 11924 None 11926 None 11927 None 11929 None 11930 None 11931 None 12085 None 12086 None 12097 None 12098 None 12099 None 10729 None 10735 None 10852 None 10853 None 10816 None 10855 None 9312 None 10287 None 9318 None 9344 None 10051 None 10049 None 10378 None 10379 None 10483 None 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 5029247 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029247 5028168 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4737 5029247 https://support.microsoft.com/help/5029247 11568 11569 11570 11571 11572 5029250 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029250 5028171 11923 11924 Yes Security Update 10.0.20348.1906 5029250 https://support.microsoft.com/help/5029250 11923 11924 5029253 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029253 5028182 11926 11927 Yes Security Update 10.0.22000.2295 5029244 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029244 5028166 11929 11930 11931 Yes Security Update 10.0.19044.3324 5029244 https://support.microsoft.com/help/5029244 11929 11930 11931 12097 12098 12099 5029263 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029263 5028185 12085 12086 Yes Security Update 10.0.22621.2134 5029263 https://support.microsoft.com/help/5029263 12085 12086 5029244 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029244 5028166 12097 12098 12099 Yes Security Update 10.0.19045.3324 5029259 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029259 5028186 10729 10735 Yes Security Update 10.0.10240.20107 5029242 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029242 5028169 10852 10853 10816 10855 Yes Security Update 10.0.14393.6167 5029318 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029318 5028222 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22216 5029318 https://support.microsoft.com/help/5029318 9312 10287 9318 9344 5029301 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029301 9312 10287 9318 9344 Yes Security Only 6.0.6003.22216 5029301 https://support.microsoft.com/help/5029301 9312 10287 9318 9344 5029296 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029296 5028240 10051 10049 Yes Monthly Rollup 6.1.7601.26664 5029296 https://support.microsoft.com/help/5029296 10051 10049 5029307 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029307 10051 10049 Yes Security Only 6.1.7601.26664 5029307 https://support.microsoft.com/help/5029307 10051 10049 5029295 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029295 5028232 10378 10379 Yes Monthly Rollup 6.2.9200.24414 5029308 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029308 10378 10379 Yes Security Only 6.2.9200.24414 5029312 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029312 5028228 10483 10543 Yes Monthly Rollup 6.3.9600.21503 5029304 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029304 10483 10543 Yes Security Only 6.3.9600.21503 Sophos X-Ops teams Chris Neal of Cisco Talos Trend Micro Research 1.0 2023-07-11T07:00:00 <p>Information published.</p> 2.0 2023-08-08T07:00:00 <p>Microsoft is announcing that the August 8, 2023 Window Security updates (see Security Updates table) add additional untrusted drivers and driver signing certificates to the Windows Driver.STL revocation list. Microsoft strongly recommends that customers install the August 2023 updates to be add these additional drivers and driver certificates. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Windows Admin Center Spoofing Vulnerability <p><strong>Where can customer obtain the updated software?</strong></p> <p>Customers can download the latest build of Windows Admin Center by using this link: aka.ms/downloadwac</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could exploit the vulnerability by carrying out any one of the following actions:</p> <ol> <li>Importing a malicious script to the Windows Admin Center (WAC) HTML form.</li> <li>Importing a .csv file using the Windows Admin Center (WAC) user interface.</li> <li>Importing a .csv file using the Windows Admin Center (WAC) API.</li> </ol> <p>If the victim who triggers the attack is a highly-privileged administrator the injected scripts could perform operations on the WAC server, thus spoofing the WAC application with the privileges of the victim administrator.</p> Windows Admin Center Microsoft Yes CVE-2023-29347 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11629 Spoofing 11629 Important 11629 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.7 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C 11629 Release Notes https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2306-is-now-generally-available/ba-p/3852343 11629 Maybe Security Update 2306 Christian P&#246;schl with <a href="https://herolab.usd.de/">usd AG</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Partition Management Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Partition Management Driver Microsoft Yes CVE-2023-33154 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Fraunhofer FKIE CA&amp;D 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2023-33155 Improper Access Control 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 Abdelhamid Naceri 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Defender Elevation of Privilege Vulnerability <table> <thead> <tr> <th>References</th> <th>Identification</th> </tr> </thead> <tbody> <tr> <td>Last version of the Microsoft Malware Protection Platform affected by this vulnerability</td> <td>Version 1.1.20300.3</td> </tr> <tr> <td>First version of the Microsoft Malware Protection Platform with this vulnerability addressed</td> <td>Version 1.1.23050.3</td> </tr> </tbody> </table> <p>See <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus">Manage Updates Baselines Microsoft Defender Antivirus</a> for more information.</p> <p><strong>Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?</strong></p> <p>Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.</p> <p><strong>Why is no action required to install this update?</strong></p> <p>In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.</p> <p>For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.</p> <p>Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Platform updates and malware definitions, is working as expected in their environment.</p> <p><strong>How often are the Microsoft Malware Protection Platform and malware definitions updated?</strong></p> <p>Microsoft typically releases an update for the Microsoft Malware Protection Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.</p> <p>Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.</p> <p><strong>What is the Microsoft Malware Protection Platform?</strong></p> <p>The Microsoft Malware Protection Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats.</p> <p><strong>Windows Defender uses the Microsoft Malware Protection Platform. On which products is Defender installed and active by default?</strong></p> <p>Defender runs on all supported version of Windows.</p> <p><strong>Are there other products that use the Microsoft Malware Protection Platform?</strong></p> <p>Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.</p> <p><strong>Does this update contain any additional security-related changes to functionality?</strong></p> <p>Yes.  In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.</p> <h2 id="suggested-actions">Suggested Actions</h2> <p><strong>Verify that the update is installed</strong></p> <p>Customers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.</p> <ol> <li>Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.</li> <li>In the navigation pane, select Virus &amp; threat protection.</li> <li>Under Virus &amp; threat protection updates in the main window, select Check for updates</li> <li>Select Check for updates again.</li> <li>In the navigation pane, select Settings, and then select About.</li> <li>Examine the Platform Version number. The update was successfully installed if the Malware Protection Platform version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.</li> </ol> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Defender Microsoft Yes CVE-2023-33156 Time-of-check Time-of-use (TOCTOU) Race Condition 11902 Elevation of Privilege 11902 Important 11902 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.3 5.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C 11902 Release Notes 11902 No Security Update 1.1.23050.3 Abdelhamid Naceri 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to the target site as at least a Site Member.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-33157 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Critical 10950 Critical 11585 Critical 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002425 https://www.microsoft.com/download/details.aspx?familyid=60a3614c-b9f9-4db4-b193-ab44dd882139 5002404 10950 Maybe Security Update 16.0.5404.1000 5002423 https://www.microsoft.com/download/details.aspx?familyid=e45e1f77-b009-4ac6-beba-cee83652b9aa 5002402 11585 Maybe Security Update 16.0.10400.20008 5002424 https://www.microsoft.com/download/details.aspx?familyid=829b9115-dcd6-420f-a2b8-15031debf2ba 5002416 11961 Maybe Security Update 16.0.16130.20642 5002424 11961 <a href="https://github.com/zcgonvh">zcgonvh</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a local attack potentially enabling access to the victim user's information, the ability to alter information, or the ability to cause downtime to the target environment.</p> Microsoft Office Excel Microsoft Yes CVE-2023-33158 Integer Underflow (Wrap or Wraparound) 11575 11762 11763 11951 11952 11953 12156 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12156 Important 11575 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12156 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12156 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.75.23070901 Click to Run 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases Release Notes https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Maybe Security Update 16.0.14326.21502 Michael Heinzl 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability might be able to run their scripts in the security context of the current user by enticing the user to click on a link resulting in a cross-site scripting attack on the SharePoint Server.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-33159 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 10950 11585 11961 Spoofing 10950 Spoofing 11585 Spoofing 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002425 https://www.microsoft.com/download/details.aspx?familyid=60a3614c-b9f9-4db4-b193-ab44dd882139 5002404 10950 Maybe Security Update 16.0.5404.1000 5002423 https://www.microsoft.com/download/details.aspx?familyid=e45e1f77-b009-4ac6-beba-cee83652b9aa 5002402 11585 Maybe Security Update 16.0.10400.20008 5002424 https://www.microsoft.com/download/details.aspx?familyid=829b9115-dcd6-420f-a2b8-15031debf2ba 5002416 11961 Maybe Security Update 16.0.16130.20642 5002424 11961 Anonymous 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must be authenticated to the target site as at least a Site Member.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by leveraging vulnerable APIs through a deserialization of unsafe data input vulnerability. Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input, resulting in possible remote code execution on the SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-33160 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Critical 10950 Critical 11585 Critical 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002425 https://www.microsoft.com/download/details.aspx?familyid=60a3614c-b9f9-4db4-b193-ab44dd882139 5002404 10950 Maybe Security Update 16.0.5404.1000 5002423 https://www.microsoft.com/download/details.aspx?familyid=e45e1f77-b009-4ac6-beba-cee83652b9aa 5002402 11585 Maybe Security Update 16.0.10400.20008 5002424 https://www.microsoft.com/download/details.aspx?familyid=829b9115-dcd6-420f-a2b8-15031debf2ba 5002416 11961 Maybe Security Update 16.0.16130.20642 5002424 11961 <a href="https://twitter.com/mwulftange">Markus Wulftange</a> with <a href="https://code-white.com/">CODE WHITE GmbH</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could perform a local attack potentially enabling access to the victim user's information, the ability to alter information, or the ability to cause downtime to the target environment.</p> Microsoft Office Excel Microsoft Yes CVE-2023-33161 Double Free 11575 11762 11763 11951 Remote Code Execution 11575 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Important 11575 Important 11762 Important 11763 Important 11951 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11575 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.75.23070901 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases Wenguang Jiao 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Excel Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?</strong></p> <p>The attack itself is carried out locally. For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer which could leak data.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2023-33162 Out-of-bounds Read 11573 11574 11575 11605 11762 11763 11951 11952 11953 10739 10740 10656 10654 10655 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11575 Information Disclosure 11605 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 10739 Information Disclosure 10740 Information Disclosure 10656 Information Disclosure 10654 Information Disclosure 10655 Important 11573 Important 11574 Important 11575 Important 11605 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10739 Important 10740 Important 10656 Important 10654 Important 10655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11575 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11605 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11951 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10739 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10740 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10656 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10654 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10655 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 11951 Maybe Security Update 16.75.23070901 5002421 https://www.microsoft.com/download/details.aspx?familyid=6407717c-314c-4184-bf6a-ec45759c0bb4 5002401 11605 Maybe Security Update 16.0.10400.20000 5002426 https://www.microsoft.com/download/details.aspx?familyid=48a3796a-98d1-464a-aa9b-1ba73fcb5074 5002405 10739 Maybe Security Update 16.0.5404.1000 5002426 https://www.microsoft.com/download/details.aspx?familyid=3b496b2c-abb6-4bc0-88fc-b413c7beada0 5002405 10740 Maybe Security Update 16.0.5404.1000 5002434 5002414 10656 Maybe Security Update 15.0.5571.1000 5002434 https://www.microsoft.com/download/details.aspx?familyid=8f682749-2f88-4c2c-a4bc-629c6928b9ab 5002414 10654 Maybe Security Update 15.0.5571.1000 5002434 https://www.microsoft.com/download/details.aspx?familyid=e949c2ea-b423-431a-81fc-78ca6752ac1e 5002414 10655 Maybe Security Update 15.0.5571.1000 Genwei Jiang with <a href="https://www.mandiant.com/">Mandiant, FLARE OTF</a> Dhanesh Kizhakkinan with <a href="https://www.mandiant.com/">Mandiant, FLARE OTF</a> <a href="https://twitter.com/leeqwind">Li Qi</a>, <a href="https://twitter.com/aalizzwell">Dong Kangwei</a> and Zhang Yanping with <a href="https://ata.360.net/help/docs/introduction">360 HuntingZero Lab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Network Load Balancing Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p> Windows Network Load Balancing Microsoft Yes CVE-2023-33163 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/b2ahex">b2ahex</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Microsoft Yes CVE-2023-33164 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> ASP.NET and Visual Studio Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p> ASP.NET and Visual Studio Microsoft Yes CVE-2023-33170 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 12051 11969 12129 12187 12009 12130 Security Feature Bypass 12051 Security Feature Bypass 11969 Security Feature Bypass 12129 Security Feature Bypass 12187 Security Feature Bypass 12009 Security Feature Bypass 12130 Important 12051 Important 11969 Important 12129 Important 12187 Important 12009 Important 12130 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12051 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11969 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12129 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12187 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12009 8.1 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12130 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2 12051 Maybe Security Update 17.2.17 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.0 11969 Maybe Security Update 17.0.23 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.9 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.5 5028705 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.20 5028706 https://dotnet.microsoft.com/download/dotnet/7.0 12130 Maybe Security Update 7.0.9 <a href="https://infosec.exchange/@itz_d0dgy">Jack Moran</a> with <a href="https://zxsecurity.co.nz/">ZX Security</a> <a href="https://mastodon.tc.nz/@tech">Matt Cotterell</a> with <a href="https://zxsecurity.co.nz/">ZX Security</a> Ethan McKee-Harris with <a href="https://zxsecurity.co.nz/">ZX Security</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> Microsoft Dynamics Microsoft Yes CVE-2023-33171 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11664 11921 Spoofing 11664 Spoofing 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11664 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5026500 https://www.microsoft.com/en-us/download/details.aspx?id=105283 11664 Maybe Security Update 9.0.47.08 5026501 https://www.microsoft.com/en-us/download/details.aspx?id=105284 11921 Maybe Security Update 9.1.18.22 <a href="https://batr.am/">batram</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Power Apps (online) Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information can be disclosed to the attacker through the misuse of the infrastructure, but no sensitive information can be obtained by the attacker.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>Why is no action required to install this update?</strong></p> <p>This CVE addresses a vulnerability in the Microsoft Power Apps online version only. As such, customers do not need to take any action because releases are rolled out automatically over several days. For more information about the releases for Microsoft Power Apps see <a href="https://learn.microsoft.com/en-us/power-apps/whats-new">What's new in Power Apps?</a>.</p> Microsoft Power Apps Microsoft Yes CVE-2023-32052 Server-Side Request Forgery (SSRF) 12214 Spoofing 12214 Important 12214 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 12214 Release Notes 12214 No Security Update 9.2.23042 <a href="https://twitter.com/fatnass1f1ras">Firas Fatnassi</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Installer Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Installer Microsoft Yes CVE-2023-32053 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Naceri with MSRC V&M 1.0 2023-07-11T07:00:00 <p>Information published.</p> Volume Shadow Copy Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> <p><strong>According to the CVSS metrics, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker would need to perform specific actions on a vulnerable system, then convince another user on that system to interact with the Volume Shadow Copy functionality.</p> Windows Volume Shadow Copy Microsoft Yes CVE-2023-32054 Absolute Path Traversal 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 <a href="https://www.linkedin.com/in/or-yair">Or Yair</a> with <a href="https://www.safebreach.com/">SafeBreach</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Active Template Library Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Active Template Library Microsoft Yes CVE-2023-32055 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Server Update Service Microsoft Yes CVE-2023-32056 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 Naceri with MSRC V&M 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.</p> Windows Message Queuing Microsoft Yes CVE-2023-32057 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <p>The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.</p> <p>You can check to see if there is a service running named <strong>Message Queuing</strong> and TCP port 1801 is listening on the machine.</p> vv001 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> <a href="https://twitter.com/baixia4">Jarvis_1oop</a> <a href="https://x9090.twitter.com/">Wayne Low of Fortinet&#39;s FortiGuard Lab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> 1.1 2023-08-16T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Microsoft Failover Cluster Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles “Cluster Admin” and “Cluster Operator” can access this.</p> Windows Failover Cluster Microsoft Yes CVE-2023-32083 Heap-based Buffer Overflow 11571 11572 11923 11924 10816 10855 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 10816 Information Disclosure 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> HTTP.sys Denial of Service Vulnerability Windows HTTP.sys Microsoft Yes CVE-2023-32084 NULL Pointer Dereference 11568 11569 11570 11571 11572 11923 11924 11926 11927 12085 12086 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 Dragana Damjanovic 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal user permissions could use the Microsoft PS Class Driver to print a malicious XPS file, which could enable an information disclosure attack on the machine.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/print/standard-xps-filters">Standard XPS Filters</a> for more information.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-32085 Buffer Over-read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-35296 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS score, the attack vector is network (AV:N). What does this mean for this vulnerability?</strong></p> <p>Windows Pragmatic General Multicast (PGM) produces multicast traffic that runs on layer 4 and is routable. Therefore this vulnerability can be exploited over the network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by sending specially crafted malicious traffic to a vulnerable server.</p> Windows PGM Microsoft Yes CVE-2023-35297 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Anonymous 1.0 2023-07-11T07:00:00 <p>Information published.</p> 1.1 2024-02-14T08:00:00 <p>Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.</p> HTTP.sys Denial of Service Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the <a href="https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability">Server Name Indication (SNI)</a> over HTTP Protocol Stack (http.sys) to process packets, causing a denial of service (DOS).</p> Windows HTTP.sys Microsoft Yes CVE-2023-35298 Uncontrolled Resource Consumption 11923 11924 11926 11927 12085 12086 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 Hong Hai with Alibaba Orion Security Lab 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2023-35299 Out-of-bounds Read 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/thunderj17">ThunderJ</a> with <a href="https://www.cyberkl.com/">KunlunLab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Remote Procedure Call Runtime Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime.</p> Windows Remote Procedure Call Microsoft Yes CVE-2023-35300 Use After Free 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-35302 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <p><strong>Determine if the Print Spooler service is running</strong></p> <p>Run the following in Windows PowerShell:</p> <p><code>Get-Service -Name Spooler</code></p> <p>If the Print Spooler is running or if the service is not set to disabled, select one of the following options to either disable the Print Spooler service, or to Disable inbound remote printing through Group Policy:</p> <p><strong>Option 1 - Disable the Print Spooler service</strong></p> <p>If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:</p> <p><code>Stop-Service -Name Spooler -Force</code></p> <p><code>Set-Service -Name Spooler -StartupType Disabled</code></p> <p><strong>Impact of workaround</strong> Disabling the Print Spooler service disables the ability to print both locally and remotely.</p> <p><strong>Option 2 - Disable inbound remote printing through Group Policy</strong></p> <p>You can also configure the settings via Group Policy as follows:</p> <p>Computer Configuration / Administrative Templates / Printers</p> <p>Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.</p> <p>You must restart the Print Spooler service for the group policy to take effect.</p> <p><strong>Impact of workaround</strong> This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.</p> <p>For more information see: <a href="https://docs.microsoft.com/en-us/troubleshoot/windows-server/printing/use-group-policy-to-control-ad-printer">Use Group Policy settings to control printers</a>.</p> kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> USB Audio Class System Driver Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could use Remote Desktop to connect to a vulnerable system that has Plug and Play device redirection enabled.</p> <p>Alternatively, an attacker could plug a specially crafted USB device into the port of a vulnerable system.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2023-35303 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 B1aN 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-35304 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 B1aN 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2023-35305 Heap-based Buffer Overflow 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 B1aN 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> Microsoft Printer Drivers Microsoft Yes CVE-2023-35306 Improper Input Validation 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11570 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 kap0k 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows MSHTML Platform Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.</p> <p>To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows except Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Why are IE Cumulative updates listed for Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> Windows MSHTML Platform Microsoft Yes CVE-2023-35308 External Control of File Name or Path 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11570 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 5028167 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028167 5026366 10483 10543 Yes IE Cumulative 1.001 Ben Faull with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, the target server must be configured to allow remote activation of the COM object. In addition, the attacker must have sufficient user privileges on that server.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Message Queuing Microsoft Yes CVE-2023-35309 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://www.twitter.com/guhe120">Yuki Chen</a> with <a href="https://www.cyberkl.com/">Cyber KunLun</a> <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> 1.1 2023-08-16T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Windows DNS Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Role: DNS Server Microsoft Yes CVE-2023-35310 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10816 10855 Yes Security Update 10.0.14393.6085 5028222 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028222 5027279 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22175 5028222 https://support.microsoft.com/help/5028222 9312 10287 9318 9344 5028226 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028226 9312 10287 9318 9344 Yes Security Only 6.0.6003.22175 5028226 https://support.microsoft.com/help/5028226 9312 10287 9318 9344 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 <a href="https://twitter.com/ecthr0s">George Hughey</a> with <a href="https://https/">MSRC Vulnerabilities and Mitigations</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Outlook Security Feature Bypass Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes. The Preview Pane is an attack vector, but additional user interaction is required.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The attacker would be able to bypass the Microsoft Outlook Security Notice prompt.</p> <p><strong>After I installed the July 2023 security updates for Outlook, I can no longer access UNC, SMB, or file:// type URLs from my Outlook. How do I prevent this from happening?</strong></p> <p>The July 2023 Outlook security updates limit access to UNC, SMB, and file:// type URLs to only those the system identifies as Local, Intranet, or Trusted Sites. Additionally, when you click a link for one of these UNC, SMB, or file:// type URLs, a confirmation dialog will be displayed. To ensure continued access, add the URL, UNC, or FQDN path to the Trusted Site Zone as described in <a href="https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/intranet-site-identified-as-an-internet-site">Intranet site is identified as Internet site - Windows Client | Microsoft Learn</a>.</p> <p>For more information see <a href="https://support.microsoft.com/en-us/office/outlook-blocks-opening-fqdn-and-ip-address-hyperlinks-after-installing-protections-for-microsoft-outlook-security-feature-bypass-vulnerability-released-july-11-2023-4a5160b4-76d0-465b-9809-60837bbd35a8">Outlook blocks opening FQDN and IP address hyperlinks after installing protections for Microsoft Outlook Security Feature Bypass Vulnerability released July 11, 2023</a>.</p> Microsoft Office Outlook Microsoft Yes CVE-2023-35311 Time-of-check Time-of-use (TOCTOU) Race Condition 11762 11953 11763 11952 11573 10765 11574 10766 10317 10318 10407 Security Feature Bypass 11762 Security Feature Bypass 11953 Security Feature Bypass 11763 Security Feature Bypass 11952 Security Feature Bypass 11573 Security Feature Bypass 10765 Security Feature Bypass 11574 Security Feature Bypass 10766 Security Feature Bypass 10317 Security Feature Bypass 10318 Security Feature Bypass 10407 Important 11762 Important 11953 Important 11763 Important 11952 Important 11573 Important 10765 Important 11574 Important 10766 Important 10317 Important 10318 Important 10407 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11762 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11953 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11763 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11952 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11573 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10765 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11574 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10766 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10317 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10318 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10407 Click to Run 11762 11953 11763 11952 11573 11574 No Security Update https://aka.ms/OfficeSecurityReleases 5002427 https://www.microsoft.com/download/details.aspx?familyid=d1a6716a-9986-4e16-aadb-0825ffdb28e1 5002387 10765 Maybe Security Update 16.0.5404.1000 5029827 https://support.microsoft.com/help/5029827 10765 10766 5002427 https://www.microsoft.com/download/details.aspx?familyid=dcb65391-061a-4dc2-ae06-83ed610f7f81 5002387 10766 Maybe Security Update 16.0.5404.1000 5002432 https://www.microsoft.com/download/details.aspx?familyid=168ce814-7e8d-499c-ab3d-2dbaad8c2f10 5002382 10317 Maybe Security Update 15.0.5571.1000 5002432 https://www.microsoft.com/download/details.aspx?familyid=91d8c005-a747-4a7d-906d-bb046ef85020 5002382 10318 Maybe Security Update 15.0.5571.1000 5002432 5002382 10407 Maybe Security Update 15.0.5571.1000 Anonymous 1.0 2023-07-11T07:00:00 <p>Information published.</p> 1.1 2023-07-21T07:00:00 <p>Added an FAQ to explain what customers should do if they run into issues opening UNC, SMB, and file:// type URLs after installing the July 2023 Outlook updates. This is an informational change only.</p> Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows VOLSNAP.SYS Microsoft Yes CVE-2023-35312 Integer Overflow or Wraparound 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11570 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028240 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028240 5027275 10051 10049 Yes Monthly Rollup 6.1.7601.26623 5028240 https://support.microsoft.com/help/5028240 10051 10049 5028224 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028224 10051 10049 Yes Security Only 6.1.7601.26623 5028224 https://support.microsoft.com/help/5028224 10051 10049 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Anonymous 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?</strong></p> <p>There could be a loss of confidentiality if an unaware user clicked on a popup therefore creating an opportunity for an attacker to retrieve cookies or present the user with a dialog box to enter user credentials.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> Microsoft Dynamics Microsoft Yes CVE-2023-35335 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11664 11921 Spoofing 11664 Spoofing 11921 Important 11664 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11664 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5026500 https://www.microsoft.com/en-us/download/details.aspx?id=105283 11664 Maybe Security Update 9.0.47.08 5026501 https://www.microsoft.com/en-us/download/details.aspx?id=105284 11921 Maybe Security Update 9.1.18.22 <a href="https://twitter.com/kire_devs_hacks">Erik Donker</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Windows SmartScreen Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>The attacker would be able to bypass the Open File - Security Warning prompt.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Windows SmartScreen Microsoft Yes CVE-2023-32049 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;DOS:N/A 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11570 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 Microsoft Threat Intelligence and Microsoft Office Product Group security team 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules <p>Trend Micro has released <a href="https://success.trendmicro.com/dcx/s/solution/000292473?language=en_US">CVE-2023-28005</a> to address a secure boot bypass. Subsequently Microsoft has released the July Windows security updates to block the vulnerable UEFI modules by using the DBX (UEFI Secure Boot Forbidden Signature Database) disallow list.</p> <p>To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA).</p> <p>CVEs released for this issue: CVE-2023-28005.</p> <h2 id="recommended-actions">Recommended Actions:</h2> <p>Microsoft recommends that all customers install the latest Windows security updates.</p> <h2 id="background-information">Background Information</h2> <p>In 2012, Microsoft introduced the Secure Boot feature into the then-new, UEFI-based PC ecosystem.  UEFI Secure Boot is an anti-rootkit feature that defends the boot process from untrusted code execution.  As part of enabling this feature, Microsoft signs boot code both for Windows and 3rd-parties including Linux distributions. This boot code allows Linux systems to take advantage of Secure Boot.</p> <p><strong>What is UEFI?</strong></p> <p>UEFI (Unified Extensible Firmware Interface) defines the interactions between the operating system and the platform firmware. The Secure Boot feature of UEFI prevents the loading of operating system loaders and firmware drivers that are not signed by a trusted signature.</p> <p><strong>What is DBX?</strong></p> <p>DBX is the Forbidden Signature Database and tracks the revoked boot images.</p> Windows EFI Partition Microsoft Yes ADV230002 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 5028232 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028232 5027283 10378 10379 Yes Monthly Rollup 6.2.9200.24374 5028233 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028233 10378 10379 Yes Security Only 6.2.9200.24374 5028228 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028228 5027271 10483 10543 Yes Monthly Rollup 6.3.9600.21063 5028223 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028223 10483 10543 Yes Security Only 6.3.9600.21075 Zammis Clark 1.0 2023-07-11T07:00:00 <p>Information published.</p> Paint 3D Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>How do I get the updated app?</strong></p> <p>The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see <a href="https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f">here</a> for details.</p> <p>It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.</p> <p><strong>My system is in a disconnected environment; is it vulnerable?</strong></p> <p>Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.</p> <p><strong>How can I check if the update is installed?</strong></p> <p>App package versions <strong>6.2305.16087.0</strong> and later contain this update.</p> <p>You can check the package version in PowerShell:</p> <p><code>Get-AppxPackage -Name Microsoft.MSPaint</code></p> Paint 3D Microsoft Yes CVE-2023-35374 Heap-based Buffer Overflow 11758 Remote Code Execution 11758 Important 11758 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11758 Release Notes https://www.microsoft.com/en-us/p/paint-3d/9nblggh5fv99#activetab=pivot:overviewtab 11758 Maybe Security Update 6.2305.16087.0 Anonymous 1.0 2023-07-11T07:00:00 <p>Information published.</p> Mono Authenticode Validation Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> Mono Authenticode Microsoft Yes CVE-2023-35373 Improper Verification of Cryptographic Signature 11875 Spoofing 11875 Important 11875 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 5.3 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11875 Release Notes https://www.mono-project.com/download/stable/ 11875 Maybe Security Update 6.12.0.200 Bill Demirkapi with Microsoft 1.0 2023-07-11T07:00:00 <p>Information published.</p> Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Visual Studio Code Microsoft Yes CVE-2023-36867 11886 Remote Code Execution 11886 Important 11886 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11886 Release Notes https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-pull-request-github 11886 Maybe Security Update 0.66.2 Paul Gerste with <a href="https://www.sonarsource.com/">Sonar</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Azure Service Fabric on Windows Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment.</p> Service Fabric Microsoft Yes CVE-2023-36868 12208 12171 Information Disclosure 12208 Information Disclosure 12171 Important 12208 Important 12171 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12208 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12171 Release Notes https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server 12208 Maybe Security Update 9.0.1526.9590 Release Notes https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade-windows-server 12171 Maybe Security Update 9.1.1799.9590 <p><strong>Does Azure Service Fabric provide any additional protections which can help reduce or mitigate the risks posed by this vulnerability?</strong></p> <p>A user must explicitly configure the virtual network associated with an Azure Service Fabric resource, to expose the endpoints to be accessible by a potential attacker. Resources configured as described in the <a href="https://learn.microsoft.com/en-us/azure/security/fundamentals/service-fabric-best-practices">Azure Service Fabric Best Practices</a> are at a lower risk of exploitation.</p> Carolina Hatanpaa with Azure Red Team 1.0 2023-07-11T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Within a SharePoint site, the attacker must be authenticated, and they would need to have the “Use Remote Interfaces” and “Add and Customize Pages” permissions on a Policy Center site to be able to exploit this vulnerability.</p> <p><strong>What is the attack vector for this vulnerability?</strong></p> <p>In a network-based attack, the attacker must be authenticated to a SharePoint Online tenant associated with a hybrid deployment to tamper with data. This tampered data is synchronized down to the on-premises server and exploits the vulnerability. The attackers code will run in the context of the SharePoint timer service on the on-premises server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2023-33134 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002425 https://www.microsoft.com/download/details.aspx?familyid=60a3614c-b9f9-4db4-b193-ab44dd882139 5002404 10950 Maybe Security Update 16.0.5404.1000 5002423 https://www.microsoft.com/download/details.aspx?familyid=e45e1f77-b009-4ac6-beba-cee83652b9aa 5002402 11585 Maybe Security Update 16.0.10400.20008 5002424 https://www.microsoft.com/download/details.aspx?familyid=829b9115-dcd6-420f-a2b8-15031debf2ba 5002416 11961 Maybe Security Update 16.0.16130.20642 5002424 11961 <a href="https://github.com/zcgonvh">zcgonvh</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> Azure Active Directory Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker can bypass Windows Trusted Platform Module by crafting an assertion and using the assertion to request a Primary Refresh Token from another device.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker would require access to a low privileged session on the user's device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim's device.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability?</strong></p> <p>By exploiting this vulnerability, an attacker can craft a long-lived assertion and impersonate a victim user affecting the integrity of the assertion.</p> <p><strong>What actions do I need to take to be protected from this vulnerability?</strong></p> <p>Customers should install Windows updates released on or after July 11, 2023 on client devices with Windows OS. Please refer the affected software section to apply the update.</p> <p><strong>What actions do I need to take to be protected from this vulnerability?</strong></p> <p>To be protected, apply the fix as follows:</p> <p>Install Windows updates released on or after July 11, 2023 on all AD FS servers of the farm. Then, enable the setting by running the following PowerShell command on the primary AD FS server of the farm:</p> <p><code>Set-AdfsProperties-EnforceNonceInJWT Enabled</code></p> <p><strong>Important</strong> You may see authentication failures in certain scenarios when there are clients that are not updated and send JWT authentication requests to the AD FS server. In such cases, we recommend updating all clients by installing the Windows update released on or after July 11, 2023. Alternatively, an administrator can disable the <strong>EnforceNonceInJWT</strong> setting and monitor the AD FS servers for the logging of Event 187 to identify potential requests that could be rejected when <strong>EnforceNonceInJWT</strong> is set to <strong>Enabled</strong>. After confirming the absence of Event 187 on AD FS servers for a defined period of time, the <strong>EnforceNonceInJWT</strong> setting must be updated to <strong>Enabled</strong>.</p> Azure Active Directory Microsoft Yes CVE-2023-36871 11568 11569 11570 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;DOS:N/A 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11568 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11569 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11570 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11571 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11572 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11923 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11924 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11926 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11927 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11929 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11930 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11931 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12085 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12097 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12098 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12099 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10729 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10735 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10852 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10853 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10816 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10855 5028168 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168 5027222 11568 11569 11570 11571 11572 Yes Security Update 10.0.17763.4645 5028168 https://support.microsoft.com/help/5028168 11568 11569 11570 11571 11572 5028171 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171 5027225 11923 11924 Yes Security Update 10.0.20348.1850 5028171 https://support.microsoft.com/help/5028171 11923 11924 5028182 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028182 5027223 11926 11927 Yes Security Update 10.0.22000.2176 5028182 https://support.microsoft.com/help/5028182 11926 11927 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 11929 11930 11931 Yes Security Update 10.0.19044.3208 5028166 https://support.microsoft.com/help/5028166 11929 11930 11931 12097 12098 12099 5028185 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028185 5027231 12085 12086 Yes Security Update 10.0.22621.1992 5028185 https://support.microsoft.com/help/5028185 12085 12086 5028166 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028166 5027215 12097 12098 12099 Yes Security Update 10.0.19045.3208 5028186 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028186 5027230 10729 10735 Yes Security Update 10.0.10240.20048 5028169 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028169 5027219 10852 10853 10816 10855 Yes Security Update 10.0.14393.6085 <a href="https://twitter.com/_dirkjan">Dirk-jan Mollema</a> with <a href="https://outsidersecurity.nl/">Outsider Security</a> 1.0 2023-07-11T07:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-28331 https://nvd.nist.gov/vuln/detail/CVE-2022-28331 Mariner security@apache.org Yes CVE-2022-28331 12137 12138 12137 12138 12137 12138 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 apr 12137 apr-1.6.5-6.cm1.x86_64.rpm 0001-01-01T00:00:00 apr-devel-1.6.5-6.cm1.x86_64.rpm 0001-01-01T00:00:00 apr-debuginfo-1.6.5-6.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.5-6 apr 12138 apr-1.6.5-6.cm1.aarch64.rpm 0001-01-01T00:00:00 apr-devel-1.6.5-6.cm1.aarch64.rpm 0001-01-01T00:00:00 apr-debuginfo-1.6.5-6.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.6.5-6 1.0 2023-07-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-2908 https://nvd.nist.gov/vuln/detail/CVE-2023-2908 https://nvd.nist.gov/vuln/detail/CVE-2023-2908 https://nvd.nist.gov/vuln/detail/CVE-2023-2908 Mariner secalert@redhat.com Yes CVE-2023-2908 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12138 libtiff-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12139 libtiff-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12140 libtiff-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 1.0 2023-07-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 Mariner cve@mitre.org Yes CVE-2023-26966 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12138 libtiff-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12139 libtiff-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12140 libtiff-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 1.0 2023-07-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-25433 https://nvd.nist.gov/vuln/detail/CVE-2023-25433 https://nvd.nist.gov/vuln/detail/CVE-2023-25433 https://nvd.nist.gov/vuln/detail/CVE-2023-25433 Mariner cve@mitre.org Yes CVE-2023-25433 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12138 libtiff-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12139 libtiff-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12140 libtiff-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 1.0 2023-07-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3212 https://nvd.nist.gov/vuln/detail/CVE-2023-3212 Mariner secalert@redhat.com Yes CVE-2023-3212 12137 12138 12137 12138 12137 12138 DOS:N/A 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12137 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-07-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-29503 https://nvd.nist.gov/vuln/detail/CVE-2022-29503 https://nvd.nist.gov/vuln/detail/CVE-2022-29503 https://nvd.nist.gov/vuln/detail/CVE-2022-29503 Mariner talos-cna@cisco.com Yes CVE-2022-29503 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 uclibc-ng 12137 uclibc-ng-devel-1.0.43-2.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.0.43-2 uclibc-ng 12138 uclibc-ng-devel-1.0.43-2.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.0.43-2 uclibc-ng 12139 uclibc-ng-devel-1.0.43-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.0.43-1 uclibc-ng 12140 uclibc-ng-devel-1.0.43-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.0.43-1 1.0 2023-07-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3359 https://nvd.nist.gov/vuln/detail/CVE-2023-3359 https://nvd.nist.gov/vuln/detail/CVE-2023-3359 https://nvd.nist.gov/vuln/detail/CVE-2023-3359 Mariner secalert@redhat.com Yes CVE-2023-3359 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 hyperv-daemons 12139 hyperv-daemons-5.15.118.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.118.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.118.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.118.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.118.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.118.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.118.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.118.1-1 hyperv-daemons 12140 hyperv-daemons-5.15.118.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.118.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.118.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.118.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.118.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.118.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.118.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.118.1-1 1.0 2023-07-07T00:00:00 <p>Information published.</p> 1.1 2023-07-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3357 https://nvd.nist.gov/vuln/detail/CVE-2023-3357 Mariner secalert@redhat.com Yes CVE-2023-3357 12137 12138 12137 12138 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-07-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3090 https://nvd.nist.gov/vuln/detail/CVE-2023-3090 Mariner security@google.com Yes CVE-2023-3090 12137 12138 12137 12138 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-07-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3439 https://nvd.nist.gov/vuln/detail/CVE-2023-3439 https://nvd.nist.gov/vuln/detail/CVE-2023-3439 https://nvd.nist.gov/vuln/detail/CVE-2023-3439 https://nvd.nist.gov/vuln/detail/CVE-2023-3439 https://nvd.nist.gov/vuln/detail/CVE-2023-3439 Mariner patrick@puiterwijk.org Yes CVE-2023-3439 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 hyperv-daemons 12139 hyperv-daemons-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.126.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.126.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.126.1-1 kernel 12139 kernel-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.126.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.126.1-1 hyperv-daemons 12140 hyperv-daemons-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.126.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.126.1-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.126.1-1 kernel 12140 kernel-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.126.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.126.1-1 1.0 2023-07-07T00:00:00 <p>Information published.</p> 1.1 2023-07-05T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3355 https://nvd.nist.gov/vuln/detail/CVE-2023-3355 Mariner secalert@redhat.com Yes CVE-2023-3355 12137 12138 12137 12138 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-07-08T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3358 https://nvd.nist.gov/vuln/detail/CVE-2023-3358 Mariner secalert@redhat.com Yes CVE-2023-3358 12137 12138 12137 12138 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-07-07T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-22995 https://nvd.nist.gov/vuln/detail/CVE-2023-22995 Mariner cve@mitre.org Yes CVE-2023-22995 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 kernel 12140 kernel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 1.0 2023-03-09T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-48425 https://nvd.nist.gov/vuln/detail/CVE-2022-48425 Mariner cve@mitre.org Yes CVE-2022-48425 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 kernel 12140 kernel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 1.0 2023-03-24T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1786 https://nvd.nist.gov/vuln/detail/CVE-2023-1786 Mariner security@ubuntu.com Yes CVE-2023-1786 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12140 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12138 cloud-init 12139 12140 cloud-init-22.4-3.cm2.noarch.rpm 0001-01-01T00:00:00 cloud-init-azure-kvp-22.4-3.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 22.4-3 cloud-init 12137 12138 cloud-init-21.4-4.cm1.noarch.rpm 0001-01-01T00:00:00 cloud-init-azure-kvp-21.4-4.cm1.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 21.4-3 1.0 2023-05-01T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3111 https://nvd.nist.gov/vuln/detail/CVE-2023-3111 Mariner secalert@redhat.com Yes CVE-2023-3111 12139 12140 12139 12140 12139 12140 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12139 kernel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 kernel 12140 kernel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 1.0 2023-06-10T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3141 https://nvd.nist.gov/vuln/detail/CVE-2023-3141 Mariner secalert@redhat.com Yes CVE-2023-3141 12139 12140 12139 12140 12139 12140 DOS:N/A 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12139 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12140 kernel 12139 kernel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 kernel 12140 kernel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 1.0 2023-06-17T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-35788 https://nvd.nist.gov/vuln/detail/CVE-2023-35788 https://nvd.nist.gov/vuln/detail/CVE-2023-35788 https://nvd.nist.gov/vuln/detail/CVE-2023-35788 Mariner cve@mitre.org Yes CVE-2023-35788 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 DOS:N/A 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12139 kernel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 kernel 12140 kernel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-06-24T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2084 Mariner security@ubuntu.com Yes CVE-2022-2084 12137 12138 12137 12138 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 12138 cloud-init 12137 12138 cloud-init-21.4-4.cm1.noarch.rpm 0001-01-01T00:00:00 cloud-init-azure-kvp-21.4-4.cm1.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 21.4-4 1.0 2023-05-02T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-25434 https://nvd.nist.gov/vuln/detail/CVE-2023-25434 https://nvd.nist.gov/vuln/detail/CVE-2023-25434 https://nvd.nist.gov/vuln/detail/CVE-2023-25434 Mariner cve@mitre.org Yes CVE-2023-25434 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12137 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12138 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 libtiff 12137 libtiff-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12138 libtiff-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12139 libtiff-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12140 libtiff-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 1.0 2023-06-19T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-25435 https://nvd.nist.gov/vuln/detail/CVE-2023-25435 https://nvd.nist.gov/vuln/detail/CVE-2023-25435 https://nvd.nist.gov/vuln/detail/CVE-2023-25435 Mariner cve@mitre.org Yes CVE-2023-25435 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12138 libtiff-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12139 libtiff-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12140 libtiff-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 1.0 2023-06-26T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 Mariner security@jfrog.com Yes CVE-2023-3316 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12138 libtiff-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12139 libtiff-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12140 libtiff-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 1.0 2023-06-26T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-35829 https://nvd.nist.gov/vuln/detail/CVE-2023-35829 Mariner cve@mitre.org Yes CVE-2023-35829 12137 12138 12137 12138 12137 12138 DOS:N/A 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-06-27T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-35823 https://nvd.nist.gov/vuln/detail/CVE-2023-35823 Mariner cve@mitre.org Yes CVE-2023-35823 12137 12138 12137 12138 12137 12138 DOS:N/A 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-06-27T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3220 https://nvd.nist.gov/vuln/detail/CVE-2023-3220 Mariner secalert@redhat.com Yes CVE-2023-3220 12137 12138 12137 12138 12137 12138 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12138 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-06-28T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3312 https://nvd.nist.gov/vuln/detail/CVE-2023-3312 https://nvd.nist.gov/vuln/detail/CVE-2023-3312 https://nvd.nist.gov/vuln/detail/CVE-2023-3312 https://nvd.nist.gov/vuln/detail/CVE-2023-3312 https://nvd.nist.gov/vuln/detail/CVE-2023-3312 Mariner secalert@redhat.com Yes CVE-2023-3312 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 hyperv-daemons 12139 hyperv-daemons-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.2-1 kernel 12139 kernel-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.118.1-2 hyperv-daemons 12140 hyperv-daemons-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.2-1 kernel 12140 kernel-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.118.1-2 1.0 2023-06-28T00:00:00 <p>Information published.</p> 1.1 2023-07-05T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2023-3317 https://nvd.nist.gov/vuln/detail/CVE-2023-3317 https://nvd.nist.gov/vuln/detail/CVE-2023-3317 https://nvd.nist.gov/vuln/detail/CVE-2023-3317 https://nvd.nist.gov/vuln/detail/CVE-2023-3317 Mariner secalert@redhat.com Yes CVE-2023-3317 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12137 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12138 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12139 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 12140 kernel 12137 12138 kernel-headers-5.4.51-2.cm1.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.188.1-1 hyperv-daemons 12139 hyperv-daemons-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.2-1 kernel 12139 kernel-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.122.1-2 hyperv-daemons 12140 hyperv-daemons-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.2-1 kernel 12140 kernel-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.122.1-2 1.0 2023-07-06T00:00:00 <p>Information published.</p> 1.1 2023-06-27T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-35826 https://nvd.nist.gov/vuln/detail/CVE-2023-35826 https://nvd.nist.gov/vuln/detail/CVE-2023-35826 https://nvd.nist.gov/vuln/detail/CVE-2023-35826 https://nvd.nist.gov/vuln/detail/CVE-2023-35826 Mariner cve@mitre.org Yes CVE-2023-35826 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 kernel 12137 12138 kernel-headers-5.4.51-2.cm1.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.188.1-1 hyperv-daemons 12139 hyperv-daemons-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 kernel 12139 kernel-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.122.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.122.1-2 hyperv-daemons 12140 hyperv-daemons-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervkvpd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervvssd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hypervfcopyd-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hyperv-daemons-license-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-tools-5.15.158.2-1.cm2.noarch.rpm 0001-01-01T00:00:00 hyperv-daemons-debuginfo-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.1-1 kernel 12140 kernel-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.122.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.122.1-2 1.0 2023-06-27T00:00:00 <p>Information published.</p> 1.1 2023-06-28T00:00:00 <p>Added kernel to CBL-Mariner 1.0</p> 1.2 2023-07-05T00:00:00 <p>Added hyperv-daemons to CBL-Mariner 2.0</p> https://nvd.nist.gov/vuln/detail/CVE-2020-24025 https://nvd.nist.gov/vuln/detail/CVE-2020-24025 Mariner cve@mitre.org Yes CVE-2020-24025 12139 12140 12139 12140 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 12140 reaper 12139 reaper-3.1.1-9.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.1.1-9 reaper 12140 CBL-Mariner 3.1.1-9 1.0 2023-07-31T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-36617 https://nvd.nist.gov/vuln/detail/CVE-2023-36617 Mariner cve@mitre.org Yes CVE-2023-36617 12139 12140 12139 12140 12139 12140 DOS:N/A 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12139 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 12140 ruby 12139 ruby-3.1.4-2.cm2.x86_64.rpm 0001-01-01T00:00:00 rubygems-3.3.26-2.cm2.noarch.rpm 0001-01-01T00:00:00 rubygems-devel-3.3.26-2.cm2.noarch.rpm 0001-01-01T00:00:00 ruby-debuginfo-3.1.4-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.1.4-2 ruby 12140 ruby-3.1.4-2.cm2.aarch64.rpm 0001-01-01T00:00:00 rubygems-3.3.26-2.cm2.noarch.rpm 0001-01-01T00:00:00 rubygems-devel-3.3.26-2.cm2.noarch.rpm 0001-01-01T00:00:00 ruby-debuginfo-3.1.4-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.1.4-2 1.0 2023-07-04T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-2002 https://nvd.nist.gov/vuln/detail/CVE-2023-2002 Mariner secalert@redhat.com Yes CVE-2023-2002 12139 12140 12139 12140 12139 12140 DOS:N/A 6.8 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 12139 6.8 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 12140 kernel 12139 kernel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 kernel 12140 kernel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.116.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.116.1-2 1.0 2023-06-09T00:00:00 <p>Information published.</p> 1.1 2023-07-17T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-1916 https://nvd.nist.gov/vuln/detail/CVE-2023-1916 https://nvd.nist.gov/vuln/detail/CVE-2023-1916 https://nvd.nist.gov/vuln/detail/CVE-2023-1916 Mariner secalert@redhat.com Yes CVE-2023-1916 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 12137 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 12138 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 12139 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 12140 libtiff 12137 libtiff-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12138 libtiff-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12139 libtiff-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12140 libtiff-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 1.0 2023-04-17T00:00:00 <p>Information published.</p> 1.1 2023-04-19T00:00:00 <p>Added libtiff to CBL-Mariner 2.0</p> 1.2 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 Mariner cve@mitre.org Yes CVE-2023-26965 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12137 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12138 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 libtiff 12137 libtiff-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12138 libtiff-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12139 libtiff-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 libtiff 12140 libtiff-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-devel-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libtiff-debuginfo-4.5.1-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.5.1-1 1.0 2023-06-19T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-31486 https://nvd.nist.gov/vuln/detail/CVE-2023-31486 Mariner cve@mitre.org Yes CVE-2023-31486 12137 12138 12139 12140 12137 12138 12139 12140 12137 12138 12139 12140 DOS:N/A 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12137 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12138 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 perl 12137 perl-5.30.3-3.cm1.x86_64.rpm 0001-01-01T00:00:00 perl-debuginfo-5.30.3-3.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.30.3-3 perl 12138 perl-5.30.3-3.cm1.aarch64.rpm 0001-01-01T00:00:00 perl-debuginfo-5.30.3-3.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.30.3-3 1.0 2023-06-23T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-35824 https://nvd.nist.gov/vuln/detail/CVE-2023-35824 Mariner cve@mitre.org Yes CVE-2023-35824 12137 12138 12137 12138 12137 12138 DOS:N/A 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12137 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 12138 kernel 12137 kernel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-oprofile-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 kernel 12138 kernel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.10.185.1-1.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.10.185.1-1 1.0 2023-06-27T00:00:00 <p>Information published.</p> 1.1 2023-07-29T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 Mariner support@hackerone.com Yes CVE-2023-30589 12139 12140 12139 12140 12139 12140 DOS:N/A 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 12140 nghttp2 12139 nghttp2-1.57.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nghttp2-devel-1.57.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nghttp2-debuginfo-1.57.0-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.57.0-1 nodejs 12139 nodejs-16.20.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.20.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.20.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.20.1-2 nodejs18 12139 nodejs18-18.17.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs18-devel-18.17.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs18-debuginfo-18.17.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 18.17.1-2 nghttp2 12140 nghttp2-1.57.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nghttp2-devel-1.57.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nghttp2-debuginfo-1.57.0-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.57.0-1 nodejs 12140 nodejs-16.20.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.20.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.20.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.20.1-2 nodejs18 12140 nodejs18-18.17.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs18-devel-18.17.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs18-debuginfo-18.17.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 18.17.1-2 1.0 2023-07-01T00:00:00 <p>Information published.</p>